<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.m-8659480676511600358paragraph, li.m-8659480676511600358paragraph, div.m-8659480676511600358paragraph
{mso-style-name:m_-8659480676511600358paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.m-8659480676511600358normaltextrun
{mso-style-name:m_-8659480676511600358normaltextrun;}
span.m-8659480676511600358eop
{mso-style-name:m_-8659480676511600358eop;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>I think I see your point, Aaron. I will bring this to my people for consideration. Thanks!<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tom<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Aaron Gable <aaron@letsencrypt.org> <br><b>Sent:</b> Friday, May 26, 2023 4:26 PM<br><b>To:</b> Tom Zermeno <tom@ssl.com><br><b>Cc:</b> CA/B Forum Server Certificate WG Public Discussion List <servercert-wg@cabforum.org><br><b>Subject:</b> Re: [Servercert-wg] SC-59 Weak Key Guidance<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width="100%" style='width:100.0%'><tr><td style='background:#A6A6A6;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width="100%" style='width:100.0%;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 11.25pt'><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#212121'>You don't often get email from <a href="mailto:aaron@letsencrypt.org">aaron@letsencrypt.org</a>. <a href="https://aka.ms/LearnAboutSenderIdentification">Learn why this is important</a><o:p></o:p></span></p></div></td><td width=75 style='width:56.25pt;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 3.75pt;align:left'></td></tr></table><div><div><div><p class=MsoNormal>Hi Tom, <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks for your replies!<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Fri, May 26, 2023 at 1:46 PM Tom Zermeno <<a href="mailto:tom@ssl.com">tom@ssl.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><div><p class=m-8659480676511600358paragraph style='vertical-align:baseline'><span class=m-8659480676511600358normaltextrun>Finally, regarding the phrasing of the Close Primes Vulnerability, we used the phrase “weak keys identified within 100 rounds using Fermat’s factorization method,“ to stress the importance that the CA actually perform the computations to discover such weak keys. </span><span class=m-8659480676511600358eop> </span><o:p></o:p></p></div></div></div></blockquote><div><p class=MsoNormal>My only concern here is that the language feels like it offers a loophole: if the CA *doesn't* actually perform the computations themselves, then the weak key hasn't been identified, and they're allowed to issue for it! That's why I recommend using the "which *can be* identified..." language: it doesn't actually matter how the CA identifies that a key is weak to Fermat factorization, all that matters is that they detect all possible keys.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks again,<o:p></o:p></p></div><div><p class=MsoNormal>Aaron <o:p></o:p></p></div></div></div></div></div></body></html>