[Servercert-wg] SC-59 Weak Key Guidance

Aaron Gable aaron at letsencrypt.org
Fri May 26 21:25:44 UTC 2023


Hi Tom,

Thanks for your replies!

On Fri, May 26, 2023 at 1:46 PM Tom Zermeno <tom at ssl.com> wrote:

> Finally, regarding the phrasing of the Close Primes Vulnerability, we used
> the phrase “weak keys identified within 100 rounds using Fermat’s
> factorization method,” to stress the importance that the CA actually
> perform the computations to discover such weak keys.
>
My only concern here is that the language feels like it offers a loophole:
if the CA *doesn't* actually perform the computations themselves, then the
weak key hasn't been identified, and they're allowed to issue for it!
That's why I recommend using the "which *can be* identified..." language:
it doesn't actually matter how the CA identifies that a key is weak to
Fermat factorization, all that matters is that they detect all possible
keys.

Thanks again,
Aaron
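
Added example, not part of the original message and not any CA's or the Forum's own tooling: one way to test whether an RSA modulus can be factored within 100 rounds of Fermat's method, the property the ballot language under discussion refers to. The function names and the toy moduli are constructed for illustration; real moduli are handled the same way by Python's arbitrary-precision integers.

```python
from math import isqrt


def fermat_factor(n: int, rounds: int = 100):
    """Return (p, q) with p * q == n if Fermat's method finds a
    factorization within `rounds` rounds, otherwise None."""
    if n < 3 or n % 2 == 0:
        raise ValueError("expected an odd modulus greater than 2")
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(rounds):
        b2 = a * a - n              # look for a^2 - n == b^2
        b = isqrt(b2)
        if b * b == b2 and a - b > 1:
            return (a - b, a + b)   # n == (a - b) * (a + b)
        a += 1
    return None


def is_close_primes_weak(n: int, rounds: int = 100) -> bool:
    """True if the modulus can be identified as weak within the round limit.
    The key is weak whether or not anyone has run this check on it."""
    return fermat_factor(n, rounds) is not None


if __name__ == "__main__":
    # Constructed toy moduli (not real keys).
    samples = {
        "close primes": 1000003 * 1000033,   # found in the first round
        "distant primes": 101 * 1000003,     # needs far more than 100 rounds
        "needs 9 rounds": 101 * 199,         # found only once rounds >= 9
    }
    for label, n in samples.items():
        print(f"{label}: n={n} weak={is_close_primes_weak(n)} "
              f"factors={fermat_factor(n)}")
```
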