[Servercert-wg] SC-59 Weak Key Guidance

[Tom Zermeno]

I think I see your point, Aaron. I will bring this to my people for consideration. Thanks!

 

-Tom

 

From: Aaron Gable <aaron at letsencrypt.org> 
Sent: Friday, May 26, 2023 4:26 PM
To: Tom Zermeno <tom at ssl.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] SC-59 Weak Key Guidance

 

	
You don't often get email from aaron at letsencrypt.org <mailto:aaron at letsencrypt.org> . Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> 

	

Hi Tom, 

 

Thanks for your replies!

 

On Fri, May 26, 2023 at 1:46 PM Tom Zermeno <tom at ssl.com <mailto:tom at ssl.com> > wrote:

Finally, regarding the phrasing of the Close Primes Vulnerability, we used the phrase “weak keys identified within 100 rounds using Fermat’s factorization method,“ to stress the importance that the CA actually perform the computations to discover such weak keys.  

My only concern here is that the language feels like it offers a loophole: if the CA *doesn't* actually perform the computations themselves, then the weak key hasn't been identified, and they're allowed to issue for it! That's why I recommend using the "which *can be* identified..." language: it doesn't actually matter how the CA identifies that a key is weak to Fermat factorization, all that matters is that they detect all possible keys.

 

Thanks again,

Aaron 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230526/135cff15/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6868 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230526/135cff15/attachment-0001.p7s>