<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Hi Chris.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
When we were discussing this draft ballot last year, you wrote that "We would still like to determine the best way to direct CAs to the weak key populations assembled through the work of yourself and HARICA" [1], but the new draft ballot makes no mention of
 these useful resources.  Is this a deliberate decision or an oversight?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
If it was an oversight, please note that I proposed some text in [2].</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
[1] <a href="https://lists.cabforum.org/pipermail/servercert-wg/2021-August/002917.html">https://lists.cabforum.org/pipermail/servercert-wg/2021-August/002917.html</a></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
[2] <a href="https://lists.cabforum.org/pipermail/servercert-wg/2021-August/002925.html" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">https://lists.cabforum.org/pipermail/servercert-wg/2021-August/002925.html</a></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Servercert-wg <servercert-wg-bounces@cabforum.org> on behalf of Chris Kemmerer via Servercert-wg <servercert-wg@cabforum.org><br>
<b>Sent:</b> 31 March 2022 15:42<br>
<b>To:</b> Jaime Hablutzel via Servercert-wg <servercert-wg@cabforum.org><br>
<b>Subject:</b> Re: [Servercert-wg] [EXTERNAL]-Re: SCXX Ballot proposal: Debian Weak keys</font>
<div> </div>
</div>
<div>
<p></p>
<div style="background-color:#FAFA03; width:100%; border-style:solid; border-color:#000000; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">
<span style="color:000000">CAUTION:</span> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<p></p>
<div>We are pleased to return to discussion of this proposed ballot, which we've reprinted immediately below.<br>
<br>
Based on the discussion thus far, we've addressed Corey's point by adding the <b>
bolded </b>line re: which modulus/exponents a CA MUST check. (We generally agree with Jaime's suggestion that CAs
<i>should </i>check the modulus only but don't see it as crucial to explicitly state this in the ballot.)<br>
<p>We've also updated the version in the proposal.<br>
</p>
If this ballot proceeds the next available designation would be SC55.<br>
<br>
Many thanks,<br>
<br>
Chris K<br>
<br>
<br>
===== <br>
<br>
--- Motion Begins --- <br>
<br>
 <br>
This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.8.2:
<br>
<br>
 <br>
Proposed ballot language: <br>
<br>
 <br>
<i>4.9.1.1 Reasons for Revoking a Subscriber Certificate </i><br>
<br>
 <br>
Replace: <br>
<br>
 <br>
4. The CA is made aware of a demonstrated or proven method that can easily compute the Subscriber’s Private Key based on the Public Key in the Certificate (such as a Debian weak key, see
<a class="x_moz-txt-link-freetext" href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4hFRnAj5AAhpFmB7%2F7gM5qvvGfBBI0uQuCALvBg9rlY%3D&reserved=0" originalsrc="https://wiki.debian.org/SSLkeys" shash="wLGDuomlYAhEA6rsnS6zdYqZthOr1vqmUDsdOtgQhCH+GM9AsPwG+FYvx0+GmDz4/1Ex6NIwNpGg97694r6BIcqfA8VXuchUwA4xb1bZEzR58+NG7eHwu9Li6bpxB2Kt18p6lxzRIzpkPg81Dj7dvHjfZwEAaUDrocYvmtoQpjM=">
https://wiki.debian.org/SSLkeys</a>) <br>
<br>
 <br>
With: <br>
<br>
 <br>
4. The CA is made aware of a demonstrated or proven method that can easily compute the Subscriber’s Private Key (such as those identified in 6.1.1.3(4)).
<br>
<br>
--- <br>
<br>
<i>6.1.1.3. Subscriber Key Pair Generation </i><br>
<br>
 <br>
Replace: <br>
<br>
 <br>
The CA SHALL reject a certificate request if one or more of the following conditions are met:
<br>
<br>
1. The Key Pair does not meet the requirements set forth in Section 6.1.5 and/or Section 6.1.6;
<br>
2. There is clear evidence that the specific method used to generate the Private Key was flawed;
<br>
3. The CA is aware of a demonstrated or proven method that exposes the Applicant's Private Key to compromise;
<br>
4. The CA has previously been made aware that the Applicant's Private Key has suffered a Key Compromise, such as through the provisions of Section 4.9.1.1;
<br>
5. The CA is aware of a demonstrated or proven method to easily compute the Applicant's Private Key based on the Public Key (such as a Debian weak key, see
<a class="x_moz-txt-link-freetext" href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4hFRnAj5AAhpFmB7%2F7gM5qvvGfBBI0uQuCALvBg9rlY%3D&reserved=0" originalsrc="https://wiki.debian.org/SSLkeys" shash="wLGDuomlYAhEA6rsnS6zdYqZthOr1vqmUDsdOtgQhCH+GM9AsPwG+FYvx0+GmDz4/1Ex6NIwNpGg97694r6BIcqfA8VXuchUwA4xb1bZEzR58+NG7eHwu9Li6bpxB2Kt18p6lxzRIzpkPg81Dj7dvHjfZwEAaUDrocYvmtoQpjM=">
https://wiki.debian.org/SSLkeys</a>). <br>
<br>
 <br>
With: <br>
<br>
 <br>
The CA SHALL reject a certificate request if one or more of the following occurs:
<br>
<br>
1) The requested Public Key does not meet the requirements set forth in Sections 6.1.5 and/or 6.1.6;
<br>
2) The CA is aware of a demonstrated or proven method that exposes the Subscriber's Private Key to compromise;
<br>
3) The CA has previously been made aware that the Subscriber's Private Key has suffered a Key Compromise, such as through the provisions of Section 4.9.1.1;
<br>
4) The Public Key corresponds to an industry demonstrated weak Private Key, in particular:
<br>
a) In the case of ROCA vulnerability, the CA SHALL reject keys identified by the tools available at
<a class="x_moz-txt-link-freetext" href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcrocs-muni%2Froca&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=85qANnOxsTzmBnNGrBdlaPK4fa6p3SZFnXoA9AnOMxQ%3D&reserved=0" originalsrc="https://github.com/crocs-muni/roca" shash="Ff63agfvkHtI63CgFMmCsuNOkP8DyIWNIZSPzZJWWwJ2tpIKbJV/yNZ64+Wn8Ze7kNINL4GPY8LAMQpZ64sZV15eFN86VWb/hiiFp4fUAvjQFEBfhf4sTZlTAKXz+FvlVeZskh1ZPlravMhbWWV6e2Cl7GuzFag4xMGpBeVMO+Q=">
https://github.com/crocs-muni/roca</a> or equivalent. <br>
b) In the case of Debian weak keys (<a class="x_moz-txt-link-freetext" href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4hFRnAj5AAhpFmB7%2F7gM5qvvGfBBI0uQuCALvBg9rlY%3D&reserved=0" originalsrc="https://wiki.debian.org/SSLkeys" shash="wLGDuomlYAhEA6rsnS6zdYqZthOr1vqmUDsdOtgQhCH+GM9AsPwG+FYvx0+GmDz4/1Ex6NIwNpGg97694r6BIcqfA8VXuchUwA4xb1bZEzR58+NG7eHwu9Li6bpxB2Kt18p6lxzRIzpkPg81Dj7dvHjfZwEAaUDrocYvmtoQpjM=">https://wiki.debian.org/SSLkeys</a>),
 the CA SHALL reject at least keys generated by the flawed OpenSSL version with the combination of the following parameters:
<br>
<br>
i) Big-endian 32-bit, little-endian 32-bit, and little-endian 64-bit architecture;
<br>
ii) Process ID of 0 to 32767, inclusive; <br>
iii) All RSA Public Key lengths supported by the CA up to and including 4096 bits;
<br>
iv) rnd, nornd, and noreadrnd OpenSSL random file state. <br>
<br>
For Debian weak keys not covered above, the CA SHALL take actions to minimize the probability of certificate issuance.
<br>
<br>
<b>CAs MUST check for Debian weak keys for all RSA modulus lengths and exponents that they accept.</b>
<br>
 <br>
--- Motion Ends ---<br>
<br>
=====<br>
<br>
<div class="x_moz-cite-prefix">On 10/28/2021 3:55 PM, Jaime Hablutzel via Servercert-wg wrote:<br>
</div>
<blockquote type="cite">
<div class="">
<div dir="auto" class="">It could be helpful to be a little bit more explicit on the fact that the required check is against the modulus<span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif"> only as it </span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">could
 avoid d</span><span class="" style="border-color:rgb(0,0,0)">evelopers to</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; border-color:rgb(0,0,0)"> implement this check against full public keys, which </span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">can
 lead to:</span></div>
<div dir="auto" class="">
<ul class="">
<li class=""><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">Some CAs could
</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">unknowingly </span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">embark themselves in the onerous task of generating the affected key pairs for each different
 public exponent, which is not really required</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">.</span></li><li class=""><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">Because of the higher amount of work required for supporting/maintaining the check in this way, some CAs
</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">might mistakenly omit checking some subscriber keys, e.g. they might have in their blocklists only the affected public keys with the public exponent set to 65537, even when they (</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">unintentionally</span><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">)
 support subscriber keys with other values for the public exponent.</span></li></ul>
</div>
</div>
<div class="">
<div class=""><br class="">
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Thu, 28 Oct 2021 at 03:02 Rob Stradling <<a href="mailto:rob@sectigo.com" target="_blank" class="x_moz-txt-link-freetext">rob@sectigo.com</a>> wrote:<br class="">
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px
0.8ex; border-left-width:1px; border-left-style:solid; padding-left:1ex; border-left-color:rgb(204,204,204)">
<div dir="ltr" class="">
<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
> I think we can merely state that CAs must check for Debian weak keys for all RSA modulus lengths and exponents that they accept. Using a comparison of the modulus (or its hash) is essentially an implementation detail that we don’t need to explicitly mandate.</div>
<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br class="">
</div>
<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks Corey.  That makes sense.</div>
<div class="">
<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br class="">
<hr class="" style="display:inline-block; width:98%; font-family:Calibri,Arial,Helvetica,sans-serif">
<b class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">From:</b> Corey Bonnell<br class="">
<b class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">Sent:</b> Wednesday, October 27, 2021 18:43<br class="">
<b class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">To:</b> Rob Stradling; Jaime Hablutzel; CA/B Forum Server Certificate WG Public Discussion List<br class="">
<b class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">Cc:</b> Christopher Kemmerer<br class="">
<b class="" style="font-family:Calibri,Arial,Helvetica,sans-serif">Subject:</b> RE: [EXTERNAL]-Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys
<div class="" style="font-family:Calibri,Arial,Helvetica,sans-serif"><br class="">
</div>
</div>
<div class="">
<div class="" lang="EN-US" style="word-wrap:break-word">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
> <span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">
Hi Jaime.  Ooh, you're right!  The affected OpenSSL versions generate the same predictable moduli regardless of the public exponent value.</span></div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Yes, that’s great to know; thanks for pointing it out.</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
> <span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">
What's the best way to capture all this in the ballot?</span></div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
I think we can merely state that CAs must check for Debian weak keys for all RSA modulus lengths and exponents that they accept. Using a comparison of the modulus (or its hash) is essentially an implementation detail that we don’t need to explicitly mandate.</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Thanks,</div>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Corey</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="border-style:solid none
                            none; border-top-width:1pt; padding:3pt 0in
                            0in; border-top-color:rgb(225,225,225)">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b> Rob Stradling <<a href="mailto:rob@sectigo.com" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">rob@sectigo.com</a>>
<br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b> Wednesday, October 27, 2021 5:31 AM<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b> Jaime Hablutzel <<a href="mailto:jhablutz@WISEKEY.COM" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">jhablutz@WISEKEY.COM</a>>; CA/B Forum Server Certificate
 WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Cc:</b> Corey Bonnell <<a href="mailto:Corey.Bonnell@digicert.com" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">Corey.Bonnell@digicert.com</a>>; Christopher Kemmerer
 <<a href="mailto:chris@ssl.com" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">chris@ssl.com</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b> Re: [EXTERNAL]-Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">Hi Jaime.  Ooh, you're right!  The affected OpenSSL versions generate the same predictable moduli regardless of the public exponent value.</span></div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> </span></p>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">So yes, the optimal approach seems to be for CAs to use Debian weak key blocklists that are based on only the RSA modulus.</span></div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> </span></p>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">Corey's point applies if a CA chooses instead to implement a Debian weak key blocklist of (for example) SubjectPublicKeyInfos with public exponent 65537.</span></div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> </span></p>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">What's the best way to capture all this in the ballot?</span></div>
</div>
<div class="">
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> </span></p>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</span></div>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black">From:</span></b><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> Jaime Hablutzel<br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b> Sunday, October 24, 2021 23:25<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b> Rob Stradling; CA/B Forum Server Certificate WG Public Discussion List<br class="">
<b class="" style="font-family:Calibri,sans-serif">Cc:</b> Corey Bonnell; Christopher Kemmerer<br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b> Re: [EXTERNAL]-Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys
</span></div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif; color:black"> </span></p>
</div>
</div>
<div class="">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Hi, I might be (very) wrong here, but, shouldn’t blocklists be based only on the RSA modulus for different key sizes so validation implementations match the module only irrespective of whatever the public exponent is? or does the affected prime generation random
 source seed from the public exponent too?</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<br class="">
<br class="">
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
On 22 Oct 2021, at 08:58, Rob Stradling via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>> wrote:</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> ...my opinion is that we should introduce a new requirement such that CAs must check for Debian weak keys for all RSA modulus lengths and exponents that they accept. CAs are uniquely positioned
 to prevent the usage of these weak keys in the web PKI, so there is a security benefit in mandating such universal checks.</span></div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Hi Corey.  Yeah, OK.  You've persuaded me.</span></div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">FWIW, my tools at<span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_CVE-2D2008-2D0166%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DgZAtYdIgwjZ_F9FpjPlUFmh9SQve9WXOyzZCTDLhsH4%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=TEUC0aN4k%2Bs7uM2ZRCdMth7nLYtuFz3RteJ%2FX%2BbWoho%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_CVE-2D2008-2D0166&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=gZAtYdIgwjZ_F9FpjPlUFmh9SQve9WXOyzZCTDLhsH4&e=" shash="AX8AOAjZk74D3jHVXtjIjY/8E+zluZUlTUofMLRaKJlYHGz5qND1o03hd4G+c0nDtA4pYLpxVfs0D3u/RxKAjUnjhsNA+qWxqhqeZGdEQkFgRPD464cM9vnE6wJ+/YTmKQXslkVpg+zpKeismLEBJGq/Qeeuyh/JLnqd87N8adw=" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166</a> only
 support 65537 at the moment.  I guess I'll just have to wait and see if anyone asks for other public exponent values to be supported. <span class="" style="font-family:Calibri,sans-serif"> </span></span><span class="" style="font-size:12pt; font-family:"Segoe UI Emoji",sans-serif">🙂</span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"></span></div>
</div>
<div class="">
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">
<hr class="" width="972" size="2" align="center" style="width:729.1pt; font-family:Calibri,sans-serif">
</span></div>
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">From:</span></b><span class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Corey
 Bonnell<br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Tuesday, October 19, 2021 19:48<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling; Christopher Kemmerer; CA/B Forum Server Certificate WG Public Discussion List<br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>RE: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys
</span></div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
</div>
<div class="">
<div class="">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Hi Rob,</div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Comments inline.</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">AFAICT, in the affected Debian OpenSSL versions:</span></div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">  - "openssl req -newkey" had a hardcoded public exponent of 65537 (see </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_req.c-23L768%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DVu5UXlPv7euZNJXCO15ReMLK_k5MyC3YaUliVn6DQcU%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=CFzhFDsWvd8IuB%2F7K4XmytQS4tfPSj5zC%2BcRJTi%2B1Ik%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_req.c-23L768&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=Vu5UXlPv7euZNJXCO15ReMLK_k5MyC3YaUliVn6DQcU&e=" shash="BaDltJ+sX2AsFFvc0MFKx5jTe5Ibh/luBLeMIc/soGmrzi8Y2CPAlD6mQCFu02gy1SY2n8fxv9myrOleGqT0I038FcSIRNR741n2vJucNY0093wEPizVZH5WJhDtNr2mlsf7FGNzi4IWMQX2uSDD+9LthhYlNaVgOSdjAph93yo=" rel="noopener
                                                    noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/req.c#L768</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">).</span></div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">  - "openssl genrsa" defaulted to 65537, but provided a "-3" command-line option to use a public exponent of 3 instead (see </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_genrsa.c%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DMXbwubefERoNQfWd4kC0f7rxRrBl5yB1YZ2Y3OmPQoo%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rrfYAvhNgt9qoFmuq2XRK1hk50%2FOoMXJDyyFhaOuN%2FE%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_genrsa.c&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=MXbwubefERoNQfWd4kC0f7rxRrBl5yB1YZ2Y3OmPQoo&e=" shash="Ri4Zh5TWE7I8ASIDnixr4Ulqwj/l1EaacnfUn/WmRicqAAASuQvNytXb7JYseBuTFkrnLTMq2qtuLBXSOFKWbJ1TUEeGF/3j4hch/69HLcYoMcn/46W8X99Gu2hTuA8og43fnAFWqgHx1cb3Xe3BiuSSt93M9GKvuPvSnMaoleI=" rel="noopener
                                                    noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/genrsa.c</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">).</span></div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
As you point out, the command-line tooling bundled with OpenSSL 0,9.8 generally restricted the allowed exponent. However, the RSA key generation API allowed any exponent to be specified [1], so it is possible that a custom application passed exponent values
 besides 3 or 65537 to the RSA key generation function.</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Are there any good reasons to continue to permit the public exponent 3 ?</span></div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Judging from Censys, it appears that there are some publicly trusted certificates containing RSA keys with an exponent of 3, so there will presumably be a (minor) ecosystem impact if an exponent value of 3 were banned. That being said, exponents smaller than
 65537 are outside the SHOULD-level exponent range since BR v1.1.3 (now in section 6.1.6) so perhaps it’s time to consider strengthening the SHOULD to a MUST. Probably such a change would be outside the scope of this ballot, though.</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">The "openssl-vulnkey" tool that Debian used to ship only provided blocklists for keys with public exponents of 65537, so should
 we take that as a sign that CAs needn't perform a Debian weak key check when the public exponent is anything other than 65537 ?</span></div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
While the precedent set by accepted remediations for incidents surrounding Debian weak keys has been for CAs to check the lists distributed in the openssl-blacklist Debian package, my opinion is that we should introduce a new requirement such that CAs must
 check for Debian weak keys for all RSA modulus lengths and exponents that they accept. CAs are uniquely positioned to prevent the usage of these weak keys in the web PKI, so there is a security benefit in mandating such universal checks.</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Thanks,</div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Corey</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
[1]<span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_crypto_rsa_rsa-5Fgen.c-23L78%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DBZt9wGuErHLlj4PgA-Q_BWX-TmBE7NrL_QZcjyFCmLs%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cNGl0%2F1E7QKEo9Iw2wR8xsVS4ibaZkStGhNpcxCeTPU%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_crypto_rsa_rsa-5Fgen.c-23L78&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=BZt9wGuErHLlj4PgA-Q_BWX-TmBE7NrL_QZcjyFCmLs&e=" shash="OZ7qjpoPGj3p3vvCErdsrsvHHG9lhjJyci7Lk/sCFmjDAwB54gRUzWzVD1DtU6Ay/KwiopeQd5KWVcoJkj6LNrYKb/QMj2oZsAmaEOo3qATlcU291kRhevLriBe5gpM6FXj6WafqATEeeWtAPCXyH+hLCV0EUisX2glmDqAf+7Q=" rel="noopener
                                                    noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/crypto/rsa/rsa_gen.c#L78</a></div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="" style="border-style:solid
                                                  none
                                                  none; border-top-width:1pt; padding:3pt
                                                  0in
                                                  0in; border-top-color:rgb(225,225,225)">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling <<a href="mailto:rob@sectigo.com" rel="noopener
                                                        noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">rob@sectigo.com</a>><span class="" style="font-family:Calibri,sans-serif"> </span><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Tuesday, October 19, 2021 11:31 AM<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Christopher Kemmerer <<a href="mailto:chris@ssl.com" rel="noopener
                                                        noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">chris@ssl.com</a>>;
 CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" rel="noopener
                                                        noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>>;
 Corey Bonnell <<a href="mailto:Corey.Bonnell@digicert.com" rel="noopener noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">Corey.Bonnell@digicert.com</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Hi Corey.</span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">AFAICT, in the affected Debian OpenSSL versions:</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">  - "openssl req -newkey" had a hardcoded public exponent of 65537 (see </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_req.c-23L768%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DVu5UXlPv7euZNJXCO15ReMLK_k5MyC3YaUliVn6DQcU%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=CFzhFDsWvd8IuB%2F7K4XmytQS4tfPSj5zC%2BcRJTi%2B1Ik%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_req.c-23L768&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=Vu5UXlPv7euZNJXCO15ReMLK_k5MyC3YaUliVn6DQcU&e=" shash="BaDltJ+sX2AsFFvc0MFKx5jTe5Ibh/luBLeMIc/soGmrzi8Y2CPAlD6mQCFu02gy1SY2n8fxv9myrOleGqT0I038FcSIRNR741n2vJucNY0093wEPizVZH5WJhDtNr2mlsf7FGNzi4IWMQX2uSDD+9LthhYlNaVgOSdjAph93yo=" rel="noopener
                                                      noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/req.c#L768</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">).</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">  - "openssl genrsa" defaulted to 65537, but provided a "-3" command-line option to use a public exponent of 3 instead (see </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_genrsa.c%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DMXbwubefERoNQfWd4kC0f7rxRrBl5yB1YZ2Y3OmPQoo%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rrfYAvhNgt9qoFmuq2XRK1hk50%2FOoMXJDyyFhaOuN%2FE%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_blob_OpenSSL-5F0-5F9-5F8f_apps_genrsa.c&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=MXbwubefERoNQfWd4kC0f7rxRrBl5yB1YZ2Y3OmPQoo&e=" shash="Ri4Zh5TWE7I8ASIDnixr4Ulqwj/l1EaacnfUn/WmRicqAAASuQvNytXb7JYseBuTFkrnLTMq2qtuLBXSOFKWbJ1TUEeGF/3j4hch/69HLcYoMcn/46W8X99Gu2hTuA8og43fnAFWqgHx1cb3Xe3BiuSSt93M9GKvuPvSnMaoleI=" rel="noopener
                                                      noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/genrsa.c</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">).</span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Are there any good reasons to continue to permit the public exponent 3 ?</span></div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">The "openssl-vulnkey" tool that Debian used to ship only provided blocklists for keys with public exponents of 65537, so should we take that as a sign that CAs needn't perform a Debian weak
 key check when the public exponent is anything other than 65537 ?</span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" rel="noopener
                                                      noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg-bounces@cabforum.org</a>>
 on behalf of Corey Bonnell via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>19 October 2021 15:31<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Christopher Kemmerer <<a href="mailto:chris@ssl.com" rel="noopener
                                                      noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">chris@ssl.com</a>>;
 CA/B Forum Server Certificate WG Public Discussion List <<a href="mailto:servercert-wg@cabforum.org" rel="noopener
                                                      noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                  solid
                                                  black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"> </p>
<div class="">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Hi Chris,</div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Apologies for the late reply. I noticed that the current proposed language has no guidance regarding RSA exponents. I think it would be useful to specify the expectations in this regard (whether the CA must check for weak keys for all key lengths and exponent
 combinations accepted/supported by the CA, or if checking weak key lists for only exponents 3 and 65537 is sufficient, etc.).</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Thanks,</div>
</div>
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Corey</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="" style="border-style:solid
                                                        none
                                                        none; border-top-width:1pt; padding:3pt
                                                        0in
                                                        0in; border-top-color:rgb(225,225,225)">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Servercert-wg <<a href="mailto:servercert-wg-bounces@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg-bounces@cabforum.org</a>><span class="" style="font-family:Calibri,sans-serif"> </span><b class="" style="font-family:Calibri,sans-serif">On
 Behalf Of<span class="" style="font-family:Calibri,sans-serif"> </span></b>Christopher Kemmerer via Servercert-wg<br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Friday, October 15, 2021 10:33 AM<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling <<a href="mailto:rob@sectigo.com" rel="noopener
                                                          noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">rob@sectigo.com</a>>;
 Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" rel="noopener noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">dzacharo@harica.gr</a>>; CA/B Forum Server Certificate WG Public Discussion
 List <<a href="mailto:servercert-wg@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">servercert-wg@cabforum.org</a>>; Jacob
 Hoffman-Andrews <<a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="x_moz-txt-link-freetext" style="font-family:Calibri,sans-serif">jsha@letsencrypt.org</a>><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<p class="" style="margin:0in
                                                      0in
                                                      12pt; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:9pt; font-family:Helvetica,sans-serif">Thank you, Rob, and shall watch for that update. Meanwhile we are doing a final-final pass through our draft language for clarity and will send it early next week.</span></p>
<p class="" style="margin:0in
                                                      0in
                                                      12pt; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:9pt; font-family:Helvetica,sans-serif">Chris K<br class="">
<br class="">
Meanwhile, we've cycled our draft language through  another review and have made IIRC only one or two minor edits for clarity (h/t BenW).</span></p>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
On 10/14/2021 9:49 AM, Rob Stradling wrote:</div>
</div>
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Today I rediscovered that I'd previously generated the RSA-8192 blocklists back in December 2009, and that they're still available at<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fsecure.sectigo.com-252Fdebian-5Fweak-5Fkeys-252F-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987811664-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DBknvgeWEnZ4pvV0PZHrsqaYgYgzgs4wad1Y3lmy1FWk-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DzzVoaIwOBGmJbK59JUU8ZW6-rpOfDM9LW4-DOaggMQQ%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=k558vC33bVI6AWTE6Fg35is0JdK940AyHyiL8eamlb8%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fsecure.sectigo.com-252Fdebian-5Fweak-5Fkeys-252F-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987811664-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DBknvgeWEnZ4pvV0PZHrsqaYgYgzgs4wad1Y3lmy1FWk-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=zzVoaIwOBGmJbK59JUU8ZW6-rpOfDM9LW4-DOaggMQQ&e=" shash="ft6D8c6eWdQIRS+p7PApu/MGx81ZDS7eSJALgrOpeJ2w6oXnydTejmOeDJz+YMLWOTQlpnJwvVIj44AtdVHptABAi5yE/mLOlyWW726LbTpDSCCpVtFq6xm3cIW3q3rmJXjfhsyKct/hOr/k3ynxw+XAxCu5cfSSj323c+g8SSc=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://secure.sectigo.com/debian_weak_keys/</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">. 
 When I compared the old and new RSA-8192 blocklists, I found that ~0.8% of the "rnd" keys are different.  It looks like, for reasons unknown, the "OpenSSL random file state" misbehaved occasionally over the 8 month run that ended recently.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">I'll report back once I've regenerated and verified the problematic keys.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:rob@sectigo.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><rob@sectigo.com></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>23 September 2021 19:17<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a>;
 Dimitris Zacharopoulos (HARICA)<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:dzacharo@harica.gr" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><dzacharo@harica.gr></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a>;
 Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a>;
 Rob Stradling<a href="mailto:rob@sectigo.com" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><rob@sectigo.com></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
</div>
</div>
<div class="">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> BTW, in case it helps, I'm about half way through generating a full set of RSA-8192 Debian weak keys, which (when complete) I'll add to the<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987811664-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DhEYtpXP81bOYFl0bdDSzbg8zxn7gozJ2bXAzE3ZPLwQ-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DCZuzMqYs2tJKnr9PUCkV8xEr-EQLZuEnpygT0nUUNYQ%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=DRIBmtFJogNVLJw0%2FHztWaGcwwyb718mN7ZWLYytKWM%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987811664-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DhEYtpXP81bOYFl0bdDSzbg8zxn7gozJ2bXAzE3ZPLwQ-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=CZuzMqYs2tJKnr9PUCkV8xEr-EQLZuEnpygT0nUUNYQ&e=" shash="M8p5iMtBV40Wx72sZxVyvQHe/iZYpY+k4HKYZ8X8F0ozX3omXeTFJhr+XERe4PvYe5M+wV1eTCkDObeEMLdX01mBS/bS+lfPE73nnzPq/YGzavbT0/3CqP9yX9b4FaMFtwi3TWWUgpHd2KVY4QxZH1GsxxMKRXNCGMIiUNeERqs=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166</span></a><span class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></span><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">repositories.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">It took nearly 8 months (using just a single core of a fairly modest CPU), but it finally finished!  Repositories updated.</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Servercert-wg<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg-bounces@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg-bounces@cabforum.org></a><span class="" style="font-family:Calibri,sans-serif"> </span>on
 behalf of Rob Stradling via Servercert-wg<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>13 May 2021 15:42<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a>;
 Dimitris Zacharopoulos (HARICA)<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:dzacharo@harica.gr" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><dzacharo@harica.gr></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a>;
 Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                          solid
                                                          black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> iii) All RSA Public Key lengths supported by the CA up to and including 4096 bits;</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> ...</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> For Debian weak keys not covered above, the CA SHALL take actions to minimize the probability of certificate issuance.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Hi Christopher.  What sort of "actions" are envisaged here?  If a CA is processing a certificate request that contains a (for example) RSA-4088 public key (i.e., a key size not covered by
 an available Debian weak list), either the CA is going to issue the cert or they're not.  What, concretely, does "minimize the probability of certificate issuance" actually mean?</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Why not remove that "SHALL" sentence and change point iii to: "<span class="" style="font-family:Calibri,sans-serif; background-color:white; color:black">iii) All RSA Public Key lengths supported
 by the CA." ?</span></span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">BTW, in case it helps, I'm about half way through generating a full set of RSA-8192 Debian weak keys, which (when complete) I'll add to the<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987821618-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D34YXT3egxh7Xtc5k5gqy8idcbz9cgokAIz7o8Xwbh94-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DtaqinDAOLRdSvETy9ob78hR_-KPxttqWcUNY_M86mTY%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IbrmcUET1SUCiJ1yvSsgKmtURWGBSCX41BDGV9yf%2BWk%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987821618-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D34YXT3egxh7Xtc5k5gqy8idcbz9cgokAIz7o8Xwbh94-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=taqinDAOLRdSvETy9ob78hR_-KPxttqWcUNY_M86mTY&e=" shash="l2/i7hXaCUsR7+Ia7oq4LH84VIgN3ncd0svtXHyPwuh9WbtUCtqrvei9JnzXvzsrB3P0DixiDqYvfzwrPkm4S4kEP7hDS2nlGKnB5O5d3CpnC8PWJ4zgLtfxJiwyKd1aZa1gd5ASxooSYX8xyiL12FKjfoZGwIxHoaM1AOleFMM=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> repositories.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>13 May 2021 15:12<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:rob@sectigo.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><rob@sectigo.com></a>;
 Dimitris Zacharopoulos (HARICA)<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:dzacharo@harica.gr" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><dzacharo@harica.gr></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a>;
 Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                          solid
                                                          black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Hello,</span></p>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">We deeply appreciate the useful discussion in this thread regarding this issue. We especially applaud the efforts of HARICA and Sectigo to independently generate more comprehensive lists of potentially affected
 Debian weak keys. As Rob Stradling observed through his crt.sh research (20210107,</span><span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgist.github.com-252Frobstradling-252Fa5590b6a13218fe561dcb5d5c67932c5-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987821618-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DQXz4cOmARv-252Fg8-252FJF2NNEW2-252BSbjHJu1pv8X6vjLCx7io-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DEARvfcpJ6O_cJ0KioLW9U0gNj00u2-_njjGSKcTRtE8%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=eTQlm6st%2FxbcytAMKKIkgdnRrARKaBm2u9VsGikelLY%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgist.github.com-252Frobstradling-252Fa5590b6a13218fe561dcb5d5c67932c5-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987821618-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DQXz4cOmARv-252Fg8-252FJF2NNEW2-252BSbjHJu1pv8X6vjLCx7io-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=EARvfcpJ6O_cJ0KioLW9U0gNj00u2-_njjGSKcTRtE8&e=" shash="ftEbVqTzciVU5zn8Edi2OiaUQR1lCbLM+lik5TvipRlRU/fY7JeYogNgiYhufDOQByRFPOzWcmR/usEZW+Nzb9cU2yUcEy90yozoTBtNhhtFC1P37qjsaKH//LdsRXu/NmmnJe2yJG9TDjFdUlkhTvS8bgOuPvSMVuZEIZEaBaM=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</a><span class="" style="font-family:Calibri,sans-serif">)
 of the five most utilized algorithm/key size populations, two are ECC (so not impacted by the Debian weak key issue) and three are RSA (2048, 4096, and 3072 bit length, in that order).</span></p>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">As of their most recent messages it appears that these two organizations have independently generated comprehensive lists identifying all RSA-2048 and -4096 bit length keys. (We understand RSA-3072 length
 keys are also available.) This offers the possibility that complete lists, if accepted as authoritative, could be accessed by the community to help prevent exploitation of this vulnerability.</span></p>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">It was also noted (by the representative from Let's Encrypt) that the ROCA vulnerability is presently identified through use of a tool supported externally. It was suggested that this resource be archived
 in a manner that ensures availability. (Our proposed language points to "</span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252Fcrocs-2Dmuni-252F-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DZQMlATqs-252BM7Vr3aIgjdrH06gaOrkgAPTbMkM4gcSROs-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DgoTnhfES-zV16ifNjJ90Y_GUk39wftGwqMJiZKuw5aY%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=xSxeb74w1Pt8LDB8sTbW%2BcWHu%2BBeqVH7bz4868zhSKU%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252Fcrocs-2Dmuni-252F-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DZQMlATqs-252BM7Vr3aIgjdrH06gaOrkgAPTbMkM4gcSROs-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=goTnhfES-zV16ifNjJ90Y_GUk39wftGwqMJiZKuw5aY&e=" shash="afiK0I5GwEd0v4kRk5H/4C9hyjVf3mIJrNEK3ODQJJmi7Ya9cJBer+9uHkWQqMh68OVUaAAbUCaPKlbSeDiW4Qsftyzho6tGGg3e6NSsalgBO794La4P+uzucwkRTlBPQqDlNEpgOLtHEj9LgHw2zRyeRnzDbTUlcrRw3MEyHGg=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://github.com/crocs-muni/</a><span class="" style="font-family:Calibri,sans-serif">roca
 or equivalent.")</span></p>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">We think our present ballot language (reproduced at the end of this message) provides appropriately focused guidance to CAs. If available, we'd certainly like to also see the HARICA/Sectigo lists (which
 CAs could use for the majority of Debian weak key use cases) captured somewhere in this ballot language. We are agnostic as to 1) where exactly these resources might be maintained and 2) where this ballot places directions to these resources - an annex to
 the current requirements, a separate CA/BF guidance document or within Sections <a href="https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2F4.9.1.1%2F6.1.1.3&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=QR5jrJJn3j%2BRZp%2FL7njDRrKs1e8FJs9LcDkMW9AcueI%3D&reserved=0" originalsrc="http://4.9.1.1/6.1.1.3" shash="SkY+qDZOND9N13uAAnXcuTSvfyTXKJGVnul9/c2PXcTnb4msHAK1Dxw4GFddD3O9Cm3XoOF2sC1wTHVVDEi+5hr99EQ1UflDTTdt4TFsWNA5DOJw3besRFjjeZTCRxdC7PfEfUILLFce1xU2VzBWizBZiV4WQksSR75geL/QJGE=" target="_blank" class="" style="font-family:Calibri,sans-serif">
4.9.1.1/6.1.1.3</a>.</span></p>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Our intent is to ensure that 1) clear, accurate guidance on CA expectations is provided and 2) any resources assisting CAs in meeting these expectations are fully described, publicly available (somewhere)
 and with reliable links provided. The language below, we feel, meets the first requirement. We'd appreciate input on how to best meet the second. (Note that</span><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-family:Calibri,sans-serif"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__ssl.com_%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3Dj-4qIhXvNMe9dfS8B8CWq0sSP-IOQRNSRmpjiPXIFZw%26m%3DJnxStoHpP62BM2-15Vtby3qBQbCdQrSyCNPjVNH_IS8%26s%3DSGnteTNpPS1X4ickvt5qbC2WDrpValWXK42R9uvwO04%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=BdpIZwkhGtqK0DYa00gdCBy7KfM8E3dkaXsi0eb1MSI%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=http-3A__ssl.com_&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=j-4qIhXvNMe9dfS8B8CWq0sSP-IOQRNSRmpjiPXIFZw&m=JnxStoHpP62BM2-15Vtby3qBQbCdQrSyCNPjVNH_IS8&s=SGnteTNpPS1X4ickvt5qbC2WDrpValWXK42R9uvwO04&e=" shash="Ws2VYBBH3oDVeCQW6jjzL4cjmpvuJMgT1XW2pqmFEZ9zKN2NGvU060o1RNXwsMdM2xAECXywgW3jzBGWdcRGoZxrUogYTOBWG8DYz/1h4Qr2cMWZDsfaBClSlcHOOW33nMi5EWQEFjd1ess1wGBG1igk/du5nnVHA8F1Qt9L44w=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">SSL.com</a></span><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-family:Calibri,sans-serif">would
 be happy to support the community by hosting any of these as publicly accessible resources, whether solo or alongside other organizations.)</span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Chris K</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in
                                                          0in
12pt; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__ssl.com_%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3Dj-4qIhXvNMe9dfS8B8CWq0sSP-IOQRNSRmpjiPXIFZw%26m%3DJnxStoHpP62BM2-15Vtby3qBQbCdQrSyCNPjVNH_IS8%26s%3DSGnteTNpPS1X4ickvt5qbC2WDrpValWXK42R9uvwO04%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138428585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=BdpIZwkhGtqK0DYa00gdCBy7KfM8E3dkaXsi0eb1MSI%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=http-3A__ssl.com_&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=j-4qIhXvNMe9dfS8B8CWq0sSP-IOQRNSRmpjiPXIFZw&m=JnxStoHpP62BM2-15Vtby3qBQbCdQrSyCNPjVNH_IS8&s=SGnteTNpPS1X4ickvt5qbC2WDrpValWXK42R9uvwO04&e=" shash="Ws2VYBBH3oDVeCQW6jjzL4cjmpvuJMgT1XW2pqmFEZ9zKN2NGvU060o1RNXwsMdM2xAECXywgW3jzBGWdcRGoZxrUogYTOBWG8DYz/1h4Qr2cMWZDsfaBClSlcHOOW33nMi5EWQEFjd1ess1wGBG1igk/du5nnVHA8F1Qt9L44w=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">SSL.com</a></span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">=====</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">--- Motion Begins ---</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.7.4:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Proposed ballot language:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"><b class="" style="font-family:Calibri,sans-serif">4.9.1.1 Reasons for Revoking a Subscriber Certificate</b></span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Replace:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">4. The CA is made aware of a demonstrated or proven method that can easily compute the Subscriber’s Private Key based on the Public Key in the Certificate (such as a Debian weak key, see</span><span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpXeTXYoS8oYMQteThIRSdhISQokGG4nL-252BHSymGxAwPg-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DZtytHt-KbbrRxo2oN_oCa2ihhQEPcupL52pOSa3xs9U%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=d2kRFBPAK%2Bi3OvyvFLnkjXWuLVbWdIsVIdoouVCLw5U%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpXeTXYoS8oYMQteThIRSdhISQokGG4nL-252BHSymGxAwPg-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=ZtytHt-KbbrRxo2oN_oCa2ihhQEPcupL52pOSa3xs9U&e=" shash="MJUrr6CWTj5hiZIM+MiefDJA14/grwuFrS2dGaeAZm7yakekEL9O5LpnaR47kk7MZD8vOSObiGuPWGYnhFitbssCcsDJIkCj6TNjz5PVOWMM/nns4IG3quP8OL0RIC3MtPtlIsKaOGGN7HfFpQh60T3nwvKW2xbYmVXnPPX8dXM=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://wiki.debian.org/SSLkeys</a><span class="" style="font-family:Calibri,sans-serif">)</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">With:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">4. The CA is made aware of a demonstrated or proven method that can easily compute the Subscriber’s Private Key (such as those identified in 6.1.1.3(4)).</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">---</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"><b class="" style="font-family:Calibri,sans-serif">6.1.1.3. Subscriber Key Pair Generation</b></span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">Replace:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">The CA SHALL reject a certificate request if one or more of the following conditions are met:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">1. The Key Pair does not meet the requirements set forth in Section 6.1.5 and/or Section 6.1.6;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">2. There is clear evidence that the specific method used to generate the Private Key was flawed;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">3. The CA is aware of a demonstrated or proven method that exposes the Applicant's Private Key to compromise;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">4. The CA has previously been made aware that the Applicant's Private Key has suffered a Key Compromise, such as through the provisions of Section 4.9.1.1;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">5. The CA is aware of a demonstrated or proven method to easily compute the Applicant's Private Key based on the Public Key (such as a Debian weak key, see</span><span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpXeTXYoS8oYMQteThIRSdhISQokGG4nL-252BHSymGxAwPg-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DZtytHt-KbbrRxo2oN_oCa2ihhQEPcupL52pOSa3xs9U%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=d2kRFBPAK%2Bi3OvyvFLnkjXWuLVbWdIsVIdoouVCLw5U%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987831575-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpXeTXYoS8oYMQteThIRSdhISQokGG4nL-252BHSymGxAwPg-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=ZtytHt-KbbrRxo2oN_oCa2ihhQEPcupL52pOSa3xs9U&e=" shash="MJUrr6CWTj5hiZIM+MiefDJA14/grwuFrS2dGaeAZm7yakekEL9O5LpnaR47kk7MZD8vOSObiGuPWGYnhFitbssCcsDJIkCj6TNjz5PVOWMM/nns4IG3quP8OL0RIC3MtPtlIsKaOGGN7HfFpQh60T3nwvKW2xbYmVXnPPX8dXM=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://wiki.debian.org/SSLkeys</a><span class="" style="font-family:Calibri,sans-serif">).</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">With:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">The CA SHALL reject a certificate request if one or more of the following occurs:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">1) The requested Public Key does not meet the requirements set forth in Sections 6.1.5 and/or 6.1.6;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">2) The CA is aware of a demonstrated or proven method that exposes the Subscriber's Private Key to compromise;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">3) The CA has previously been made aware that the Subscriber's Private Key has suffered a Key Compromise, such as through the provisions of Section 4.9.1.1;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">4) The Public Key corresponds to an industry demonstrated weak Private Key, in particular:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">a) In the case of ROCA vulnerability, the CA SHALL reject keys identified by the tools available at</span><span class="" style="font-family:Calibri,sans-serif"> </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252Fcrocs-2Dmuni-252Froca-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987841531-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpVWa4-252Fu9mO6gfEAN2FHOMx83i-252FGSUcG-252BfzyDoHm1xKs-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D6j9rei_kmtaqpNr-93i7Jp1C7q5YNaJtJJ2z3Rn5FzE%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9xVAks%2Fm4isdquMQDP%2FogNZUCiciXophTY5eKOALEYg%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252Fcrocs-2Dmuni-252Froca-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987841531-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DpVWa4-252Fu9mO6gfEAN2FHOMx83i-252FGSUcG-252BfzyDoHm1xKs-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=6j9rei_kmtaqpNr-93i7Jp1C7q5YNaJtJJ2z3Rn5FzE&e=" shash="LqcKoEfJFcS8vHiSBwqamYqPYGoEfa2UEBZb2a5T5ZxJMy5CUACm8gihNTbVGqoGq9yugvMJZnjPTvdHDcXdJ6tO6PZKqCrTDnjohy0k+OJ+TZWJlwzdmK66BwXxGfDteUqA8p8yVVOBGX+H7QIYnTG0OCc/11J8dE7S9Ihu7Q0=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://github.com/crocs-muni/roca</a><span class="" style="font-family:Calibri,sans-serif"> </span><span class="" style="font-family:Calibri,sans-serif">or
 equivalent.</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">b) In the case of Debian weak keys (</span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987841531-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DfJSWwzvoeepBzwSexsg-252FFSKZKusdynxlt-252F1gItUiii0-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D7VJmjfUviaQVQ3rIxm7xE-dFcYL1TLUk2yNWY4hFx0U%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=aPS6Ooo7DSWez0WXBrzhUSA%2F%2BffuiQ%2FEuG4pn97AzW4%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwiki.debian.org-252FSSLkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987841531-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DfJSWwzvoeepBzwSexsg-252FFSKZKusdynxlt-252F1gItUiii0-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=7VJmjfUviaQVQ3rIxm7xE-dFcYL1TLUk2yNWY4hFx0U&e=" shash="v1rTkzWbbBPaaJAusNSGHXDdUISEXXe8Dzwe+OVTR/6wKZtn2W5hHRgXA7HS+cu9QeNyEcpclM+ZQFTf5XNB1/cCulLSl2hkyxXKZvipu5KK66DHmqOzyVExIxhrck1H7R8WrOCkJ8oABVikdinjKgiC2fW2aolAHmBLyuxp0n8=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://wiki.debian.org/SSLkeys</a><span class="" style="font-family:Calibri,sans-serif">),
 the CA SHALL reject at least keys generated by the flawed OpenSSL version with the combination of the following parameters:</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">i) Big-endian 32-bit, little-endian 32-bit, and little-endian 64-bit architecture;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">ii) Process ID of 0 to 32767, inclusive;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">iii) All RSA Public Key lengths supported by the CA up to and including 4096 bits;</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">iv) rnd, nornd, and noreadrnd OpenSSL random file state.</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">For Debian weak keys not covered above, the CA SHALL take actions to minimize the probability of certificate issuance.</span><span class="" style="font-family:Calibri,sans-serif"> </span></div>
</div>
</div>
<div class="">
<p class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; vertical-align:baseline">
<span class="" style="font-family:Calibri,sans-serif">--- Motion Ends ---</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
On 1/18/2021 3:34 PM, Rob Stradling wrote:</div>
</div>
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">> I'm mid-way through generating the RSA-4096 keys.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">The RSA-4096 private keys and blocklists are now in<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987851488-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3Dt2XnHbMAXRIJHGzz-252BLi4gptSfi957l-252Fkz5fcaUc4PxA-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DiSbz-XCr-uFk_7Y8gJ0DA2ii9QYdRcBI5WcrvGeE55Q%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=tf0o%2BhpgqvUi%2F3hq8d5t3mZV6rRW7LsOhsTW1sAL5a0%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987851488-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3Dt2XnHbMAXRIJHGzz-252BLi4gptSfi957l-252Fkz5fcaUc4PxA-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=iSbz-XCr-uFk_7Y8gJ0DA2ii9QYdRcBI5WcrvGeE55Q&e=" shash="mOCbULDSgKGQWzLDjOrK1BJj52y6EqjqUn2/72L74HmRjh2uURmg0sEnVXo1KyHaj/ZZQgPCm2/NSuupER1ZOCKVKT3Wm2U9XI0sqzZVMcVtmIGi6k3jI4U3bg92XNkMjAkK1UNIMxlKLHT/Wy4frRWcqUqXXyA5VwP9DgykzKo=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/private_keys</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> and</span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fopenssl-5Fblocklists-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987851488-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D-252B-252Fmznq3F0GbWZjrE1G08DqSXBOxYTLtIF1l7pLatjoU-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG%25207RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D-tHYY-qeEG6kULte0FSWXNcttvh6n3BUnjh8PTDXi-c%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=jrfS2naTgqVii3DvZN%2FUE0%2BICgMHuJibQSTBwWD4LrI%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fopenssl-5Fblocklists-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987851488-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D-252B-252Fmznq3F0GbWZjrE1G08DqSXBOxYTLtIF1l7pLatjoU-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG%207RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=-tHYY-qeEG6kULte0FSWXNcttvh6n3BUnjh8PTDXi-c&e=" shash="MXbClqHZDFeA5d4kYxKRFCPRBeybFNfS5prN0MOxlFPsAEdyGtmO0MvAiZnEEOuXCsqoXh9bc/2bUAtkJU546KNNBmf6WcGB/789ES9S6Xa+fFgXrA/WaoXL32SUbWhY/UKfhM4Z9fXqHWWo9kUsII+mvVVf40B9xcy1A3jFv2g=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/openssl_blocklists</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">The RSA-2048 and RSA-4096 private keys in </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FHARICA-2Dofficial-252Fdebian-2Dweak-2Dkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987861437-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DFb5kG1Ob413KX19BP-252B37xpIahSiKi2FIZ5NfuZ-252FkuPU-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D_lfhBqavAtNpmBCedDWRhR5JY_praNbAngJx0m7i14E%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=iaHoVWVv%2FmSqWP3crVTZrGW1PJtgEo2PywhSlrEbYfY%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FHARICA-2Dofficial-252Fdebian-2Dweak-2Dkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987861437-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DFb5kG1Ob413KX19BP-252B37xpIahSiKi2FIZ5NfuZ-252FkuPU-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=_lfhBqavAtNpmBCedDWRhR5JY_praNbAngJx0m7i14E&e=" shash="T4gaG+e74h5XWqO4CpI4ceuvVZwwMBr8JngTlVDoThwDhva1lxNuFzn9epttlo14GelIYBvb9CIYP0TB2JChux8T4+bI+GKxlbU/ikYPzgzZcNkfomI8IWwhwAa0kRi1a0/3pDgysAyHMVpk0WgbZhQOqkFh+E+7PcEPiCQkR2Q=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/HARICA-official/debian-weak-keys</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> (which
 only covers 2 of the 3 word size / endianness combinations) are identical to the equivalents in </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987861437-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DoDDkulWGG70BklQLLMR0GsX-252FRIy20y-252FKtw9gGijGyhE-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DyAkqXLZo2IvXlCZvKvbFvweWp1zicZGNjpQ-S6gHQbY%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=yLJiKMlJm%2ButlTC%2BSQcDB95z74QETOR7ogPZn1BcjyE%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987861437-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DoDDkulWGG70BklQLLMR0GsX-252FRIy20y-252FKtw9gGijGyhE-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=yAkqXLZo2IvXlCZvKvbFvweWp1zicZGNjpQ-S6gHQbY&e=" shash="tzdsa0Y/GpoLeICyYNc15Dt/3eVQ+YWXF4zKNp4bzH2njQ4zldcZ/bGygVh3fjWNPtpG+hDYdt4kfmQZtgWCk+3xWGUnvp7fni8kTwgglbTeHkrLOYltKT4gs8pG/Qh0dzcFLvy4CA5C+6oPHLMAaAonW4eHD+758D41HNo0hU0=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/private_keys</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">.</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Dimitris Zacharopoulos (HARICA)<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:dzacharo@harica.gr" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><dzacharo@harica.gr></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>14 January 2021 18:39<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:rob@sectigo.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><rob@sectigo.com></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a>;
 Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a>;
 Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                          solid
                                                          black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
On 14/1/2021 12:30 π.μ., Rob Stradling wrote:</div>
</div>
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Thanks Dmitris.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">So far I've generated the RSA-2048 and RSA-3072 keys using<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fkey-5Fgenerator-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D4kKGwenlWGRmGjkIWofWWWnykgyNAgmJj1knMJ9PFz4-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DNAsWm8iu6UPJcqogRr7ZHylAINg9o87jFWyCbM_GxlE%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=LT3InVgcq0e0uIhxJWv2lWbeF0RmDHTGIVfHfIEkn8M%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fkey-5Fgenerator-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D4kKGwenlWGRmGjkIWofWWWnykgyNAgmJj1knMJ9PFz4-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=NAsWm8iu6UPJcqogRr7ZHylAINg9o87jFWyCbM_GxlE&e=" shash="QeM7yPs4sUtAWQmoLQ+xX2ekKOG2ki18ipL/J07vUfRoifMGeKtXeeu6+zOyh4GBEGabL7tF7F54aKZIhji/QoiNvIHwglq1dYe/rql1TbJjZdnbu1MrLu8OOwvlgi0vSvrKU6t9yS8n6qZhvT7094s+tDH/Qi3/YvNv3fdH+Gw=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/key_generator</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> and
 uploaded them to<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DDS2Fb707J-252BWD3UlBsOMtUWBl-252B5JkoU3S9twMJn8eSps-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DwLahGmkoShePVAd3354Vg-KIUIG_bUnevY1465It5Jk%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=jPA32ATc3uvB6wvCTLsuR5AtlYnbPJipuiNILY30bts%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fprivate-5Fkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DDS2Fb707J-252BWD3UlBsOMtUWBl-252B5JkoU3S9twMJn8eSps-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=wLahGmkoShePVAd3354Vg-KIUIG_bUnevY1465It5Jk&e=" shash="PGrrtAfbHwsb/KK3hyEmJsUUv1Fb+iGouti/NUU4oaPbMRSd/3h/u49c0O2VttD48gf7Ep37y0Qzd3hcQYUGm97xgvfLjM6Yp9k237FYF96M7IPGFt+sD6hiBDe9Sdkjc8XSGafN5wRT3u1O09DzYdDPSSwUFdjeYa61qKlL+mk=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/private_keys</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">,
 and I've generated the corresponding blocklists and uploaded them to<span class="" style="font-family:Calibri,sans-serif"> </span></span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fopenssl-5Fblocklists-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DJtYLdAD8pwpvivoIfMXAeEjofoK0FqoijWEb4Sc9OV4-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DNrxlbUT4xWxoifiZhepNwMg-9wFwdQwvVmKKxNVBuk8%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rLjvpjCk6sEPJa3LXorIntztgiF4VRiC0dtf%2BkbJIsA%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FCVE-2D2008-2D0166-252Fopenssl-5Fblocklists-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987871399-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DJtYLdAD8pwpvivoIfMXAeEjofoK0FqoijWEb4Sc9OV4-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=NrxlbUT4xWxoifiZhepNwMg-9wFwdQwvVmKKxNVBuk8&e=" shash="apvL8t0VUO/OOZf20vshoNd/JEi17KdzsVCM6bkbKKqt6tKsl2aDqjhAhgyNkv2HoOG5LRI3AmCa+sILKukq2ZWY3qIbQTty4QTkzXH8tB4Ic6pjLD8reqi3g1Ph9DfiM5uThiGXHrDKergT6KRzScgUkpxlnzSdMqFMl5FiJZs=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://github.com/CVE-2008-0166/openssl_blocklists</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">. 
 My RSA-2048 blocklists exactly match the ones from the original Debian openssl-blacklist package.</span></div>
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">I'm mid-way through generating the RSA-4096 keys.</span></div>
</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Let's compare keys when we're both done. <span class="" style="font-family:Calibri,sans-serif"> </span></span><span class="" style="">🙂</span></div>
</div>
</div>
</blockquote>
<div class="">
<p class="" style="margin:0in
                                                          0in
                                                          12pt; font-size:11pt; font-family:Calibri,sans-serif">
<br class="">
Certainly :-) the RSA-2048 keys already match the fingerprints from the openssl-blacklist Debian package.<br class="">
<br class="">
We did this work several months ago but never found the time to make it publicly available. We managed to break down the big task and run jobs in parallel which made things a bit more interesting.<br class="">
<br class="">
It's nice we did this independently, I guess it increases the accuracy level of the resulted keys :)<br class="">
<br class="">
<br class="">
Cheers,<br class="">
Dimitris.</p>
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span><br class="x_webkit-block-placeholder">
</div>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Dimitris Zacharopoulos (HARICA)<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:dzacharo@harica.gr" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><dzacharo@harica.gr></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>13 January 2021 21:49<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Rob Stradling<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:rob@sectigo.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><rob@sectigo.com></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a>;
 Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a>;
 Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                          solid
                                                          black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
<div class="" style="margin-right:0in; margin-left:0in; font-size:11pt; font-family:Calibri,sans-serif">
 <br class="x_webkit-block-placeholder">
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
Dear friends,<br class="">
<br class="">
HARICA has generated the weak keys (RSA 2048 and 4096 bit lengths) from the vulnerable openssl package. We will generate 3072 bit keys as well and add them soon. The methodology is described in the following GitHub repo along with the produced keys:</div>
</div>
<ul class="" type="disc" style="margin-bottom:0in; margin-top:0in">
<li class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FHARICA-2Dofficial-252Fdebian-2Dweak-2Dkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987881346-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D61WsoKxsDa5-252FjBab75Y-252FZG4PbcoE3RVkCWg-252BsfY2Aww-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DdWL9G_dD07M3-kQ4faHXjdMzoGF9wF5hEGlN2IrPwiA%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=NyFkk%2FTW60klwvDoqLyDV7iW08hWIZQlKGvTd7KqdD0%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252FHARICA-2Dofficial-252Fdebian-2Dweak-2Dkeys-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987881346-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D61WsoKxsDa5-252FjBab75Y-252FZG4PbcoE3RVkCWg-252BsfY2Aww-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=dWL9G_dD07M3-kQ4faHXjdMzoGF9wF5hEGlN2IrPwiA&e=" shash="yZHyo++v63TovndelJPn+6RoyTfIs7e0t4H8oX8/cRRj5bFHpc7OApUrrEbQ7GeLg0vEJwOPtajtkLMmV77Vp/1826zbU83+op+7DaHcHcqNwQ4aorMgijMNXaHAVCx4e6HpcXa9uOf1nKjk+FuY/HZ9Em5el/2sl9h+TTgKLoY=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif">https://github.com/HARICA-official/debian-weak-keys</a></li></ul>
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin-right:0in; margin-bottom:12pt; margin-left:0in">
Please review and let us know if you spot any issues or problems with our approach and methodology.<br class="">
<br class="">
As always, please use other people's work at your own risk.<br class="">
<br class="">
<br class="">
Dimitris.</p>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
On 7/1/2021 2:25 μ.μ., Rob Stradling via Servercert-wg wrote:</div>
</div>
</div>
<blockquote class="" style="margin-top:5pt; margin-bottom:5pt">
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">I've used crt.sh to produce a survey of key algorithms/sizes in currently unexpired, publicly-trusted server certificates:</span></div>
</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgist.github.com-252Frobstradling-252Fa5590b6a13218fe561dcb5d5c67932c5-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987881346-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D4qveGxYahVQ6FbihVosw69bsGUs7hG1ytgI6YLxqYbY-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D0JiuTeERFFPZRGiB5foBRJZ5kJjHk51DCLjQbBVwSxc%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=upd6BfXAGebllM%2FdF4lYUUX10GXxnIdreS4gE1pLfZ0%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgist.github.com-252Frobstradling-252Fa5590b6a13218fe561dcb5d5c67932c5-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987881346-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3D4qveGxYahVQ6FbihVosw69bsGUs7hG1ytgI6YLxqYbY-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=0JiuTeERFFPZRGiB5foBRJZ5kJjHk51DCLjQbBVwSxc&e=" shash="ptZCHEUNDfKVEBvgaVNkUG9olLr2Ov8mV2WStdfGyQMaU6Y4teSKu/QMfk0+zD/JNC1aEi+6mfXZKh/3jPYXJZ2/i72P9RQ/eeLky/Dfj2PQwbtWgrh2lvho8x1y1emt2PGOhpIzMCb7AiYqHP5TKGkSv39mAB6vLHa196D9a9k=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</span></a></div>
</div>
</div>
<div class="">
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">The four most popular choices are no surprise: RSA-2048, P-256, RSA-4096, and P-384.  openssl-blacklist covers RSA-2048 and RSA-4096, and ECC keys are implicitly not Debian weak keys.</span></div>
</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Fifth most popular is RSA-3072, with over 3 million unexpired, publicly-trusted server certs.  openssl-blacklist doesn't cover RSA-3072, but ISTM that this is a key size that CAs will want
 to permit.</span></div>
</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<span class="" style="font-size:12pt; font-family:Calibri,sans-serif">Some of the lesser used key sizes are mostly likely due to Subscriber typos (e.g., 2408 and 3048 were probably intended to be 2048, 4048 was probably intended to be either 2048 or 4096, etc),
 but some of the other ones look like they were deliberately chosen (e.g., 2432 is 2048+384).  Is it worth generating Debian weak keys/blocklists for any of these key sizes?</span></div>
</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fnvlpubs.nist.gov-252Fnistpubs-252FSpecialPublications-252FNIST.SP.800-2D57pt1r5.pdf-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987891313-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DrG1bgcAgL7P3RtCaCJ0cZTcYPkcUhTlsR4J6ulGFgso-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3DzehaaELHzHzxLDM3dCTeAYaSLMufH4svdbHT74RDcq0%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Nrh1rczreNVDq60sxvIGDF2%2BpwyitM5viMCfDDyB%2FDQ%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fnvlpubs.nist.gov-252Fnistpubs-252FSpecialPublications-252FNIST.SP.800-2D57pt1r5.pdf-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987891313-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DrG1bgcAgL7P3RtCaCJ0cZTcYPkcUhTlsR4J6ulGFgso-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=zehaaELHzHzxLDM3dCTeAYaSLMufH4svdbHT74RDcq0&e=" shash="gITdSYvnKNWqwc9GnubB8mkGY/6oAcFraANW+1ZVfr5J15EdqRj0uaB/J0MocaIHYzlpteeDjs02ELM6wseERmTVxrUm0tnHd885bB2uFvsr/+SC+DsMarCjmRUoTY/2AwZxZBW966mmJ3XobEMNkPkLShRFO2UoXkuGMQDnIro=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> (Table
 4, p59) permits RSA-2048 until the end of 2030, whereas </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.sogis.eu-252Fdocuments-252Fcc-252Fcrypto-252FSOGIS-2DAgreed-2DCryptographic-2DMechanisms-2D1.2.pdf-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987891313-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DgCbutfTj362g-252BHqbrbYgcpm5etqbhCvUFpp8E2UYinE-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DfMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE%26s%3D2FZ19CpL6_a-dWd0zh1d-4HiMpn4pWyZ0lsH3f1k140%26e%3D&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=PlTYL%2FC9%2BUw3Y8lp3GpW7HzuYNCv%2FQKqpOlDyXgptJg%3D&reserved=0" originalsrc="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam04.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.sogis.eu-252Fdocuments-252Fcc-252Fcrypto-252FSOGIS-2DAgreed-2DCryptographic-2DMechanisms-2D1.2.pdf-26data-3D04-257C01-257Crob-2540sectigo.com-257Ca8c9d97cd4114ebf508708d9930d343d-257C0e9c48946caa465d96604b6968b49fb7-257C0-257C0-257C637702508987891313-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C2000-26sdata-3DgCbutfTj362g-252BHqbrbYgcpm5etqbhCvUFpp8E2UYinE-253D-26reserved-3D0&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=fMDCutmeJbXlHHWIZLMy2UAZB79bm_AVGAAADmUsNAE&s=2FZ19CpL6_a-dWd0zh1d-4HiMpn4pWyZ0lsH3f1k140&e=" shash="hl7USGKIhUJs4UBWxe80mKTjTi9w6NkOI+hE5S0qkqFUvqwtUI0Pe57ivTMNxEzgmGKKRbDvhBd8qVF8z5I/sjC9H1oaDhAe86YWuCFDZ+sFtyjfJ0plB8TDHR7NnxYxGgy+M9U2IonOfzrg3QsPJmybnb3PLmFqlvHCU1jhQAI=" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif">https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.2.pd
 f</span></a><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> permits RSA-2048 only until the end of 2025.  It is of course possible that quantum computing will render RSA obsolete before Subscribers need to think about which larger RSA
 keysize they want to migrate to; however, it seems prudent to also plan for the possibility that RSA will survive and that some other RSA keysize(s) might become popular.</span></div>
</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"><span class="" style="font-size:12pt; font-family:Calibri,sans-serif"> </span></p>
</div>
<div class="" align="center" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; text-align:center">
<hr class="" width="98%" size="2" align="center" style="font-family:Calibri,sans-serif">
</div>
<div id="x_m_-5641879633787292213m_-1239830060004810024x_x_x_x_x_x_x_x_x_divRplyFwdMsg" class="">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif">
<b class="" style="font-family:Calibri,sans-serif">From:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Servercert-wg<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg-bounces@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg-bounces@cabforum.org></a><span class="" style="font-family:Calibri,sans-serif"> </span>on
 behalf of Rob Stradling via Servercert-wg<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Sent:</b><span class="" style="font-family:Calibri,sans-serif"> </span>06 January 2021 16:08<br class="">
<b class="" style="font-family:Calibri,sans-serif">To:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Jacob Hoffman-Andrews<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:jsha@letsencrypt.org" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><jsha@letsencrypt.org></a>;
 Christopher Kemmerer<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:chris@ssl.com" rel="noopener
                                                          noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><chris@ssl.com></a>;
 CA/B Forum Server Certificate WG Public Discussion List<span class="" style="font-family:Calibri,sans-serif"> </span><a href="mailto:servercert-wg@cabforum.org" rel="noopener noreferrer" target="_blank" class="" style="font-family:Calibri,sans-serif"><servercert-wg@cabforum.org></a><br class="">
<b class="" style="font-family:Calibri,sans-serif">Subject:</b><span class="" style="font-family:Calibri,sans-serif"> </span>Re: [Servercert-wg] SCXX Ballot proposal: Debian Weak keys</div>
</div>
<div class="">
<p class="" style="font-size:11pt; font-family:Calibri,sans-serif; margin:0in"> </p>
</div>
</div>
<div class="">
<div class="" style="border:1pt
                                                          solid
                                                          black; padding:2pt">
<div class="">
<div class="" style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; line-height:12pt; background-color:rgb(250,250,3)">
<span class="" style="font-size:10pt; font-family:Calibri,sans-serif; color:black">CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.</span></div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
<fieldset class="x_moz-mime-attachment-header"></fieldset>
<pre class="x_moz-quote-pre">_______________________________________________
Servercert-wg mailing list
<a class="x_moz-txt-link-abbreviated" href="mailto:Servercert-wg@cabforum.org">Servercert-wg@cabforum.org</a>
<a class="x_moz-txt-link-freetext" href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=04%7C01%7Crob%40sectigo.com%7C0fc747f6575d439bb8fa08da1324bc86%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637843347138584797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=LcBfZz%2Faj7AuUpJoGj6NZFN45WfccqKAkk3P68n1JPA%3D&reserved=0" originalsrc="https://lists.cabforum.org/mailman/listinfo/servercert-wg" shash="yzLww0/bkUl0QUDZeHqA4U00aHGhI15p+20M6TmrKPDbIGb+pK/XrLCXMxS15PGuG84iD5DC2PkqplyveKXldbBjTfYonaQuYyJIrgTJJCtQadtjShX8/REzYfdcPyBaO9Ey9CPFuDnJreVcvduXVzs0pXq6XXFp7/Z2Uq8+VAA=">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
</blockquote>
</div>
</div>
</body>
</html>