[Servercert-wg] SC-59 Weak Key Guidance

Aaron Gable aaron at letsencrypt.org
Fri May 26 21:25:44 UTC 2023

Hi Tom,

Thanks for your replies!

On Fri, May 26, 2023 at 1:46 PM Tom Zermeno <tom at ssl.com> wrote:

> Finally, regarding the phrasing of the Close Primes Vulnerability, we used
> the phrase “weak keys identified within 100 rounds using Fermat’s
> factorization method,“ to stress the importance that the CA actually
> perform the computations to discover such weak keys.
My only concern here is that the language feels like it offers a loophole:
if the CA *doesn't* actually perform the computations themselves, then the
weak key hasn't been identified, and they're allowed to issue for it!
That's why I recommend using the "which *can be* identified..." language:
it doesn't actually matter how the CA identifies that a key is weak to
Fermat factorization, all that matters is that they detect all possible

Thanks again,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230526/4065ed91/attachment.html>

More information about the Servercert-wg mailing list