[Servercert-wg] SC-59 Weak Key Guidance

Tom Zermeno tom at ssl.com
Fri May 26 21:27:26 UTC 2023

I think I see your point, Aaron. I will bring this to my people for consideration. Thanks!




From: Aaron Gable <aaron at letsencrypt.org> 
Sent: Friday, May 26, 2023 4:26 PM
To: Tom Zermeno <tom at ssl.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] SC-59 Weak Key Guidance




Hi Tom, 


Thanks for your replies!


On Fri, May 26, 2023 at 1:46 PM Tom Zermeno <tom at ssl.com> wrote:

> Finally, regarding the phrasing of the Close Primes Vulnerability, we used the phrase “weak keys identified within 100 rounds using Fermat’s factorization method,” to stress the importance that the CA actually perform the computations to discover such weak keys.

My only concern here is that the language feels like it offers a loophole: if the CA *doesn't* actually perform the computations themselves, then the weak key hasn't been identified, and they're allowed to issue for it! That's why I recommend using the "which *can be* identified..." language: it doesn't actually matter how the CA identifies that a key is weak to Fermat factorization, all that matters is that they detect all possible keys.


Thanks again,
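
The check under discussion, as an added example that is not part of the original emails or of any CA's code: a Fermat factorization test bounded at 100 rounds, run against a constructed close-prime modulus and a constructed modulus whose primes are far apart. Treating one "round" as one candidate value of a starting at ceil(sqrt(n)) is an assumption, and the function names and sample moduli are hypothetical.

```python
from math import isqrt

FERMAT_ROUNDS = 100  # round count quoted in the thread


def fermat_factor(n, rounds=FERMAT_ROUNDS):
    """Return (p, q) if n = p*q is found within `rounds` Fermat rounds, else None.

    Fermat's method looks for a with a*a - n a perfect square b*b,
    so that n = (a - b) * (a + b). It succeeds quickly only when the
    two factors are close together.
    """
    if n <= 0 or n % 2 == 0:
        raise ValueError("expected a positive odd modulus")
    a = isqrt(n)
    if a * a == n:
        return (a, a)          # degenerate key: p == q
    a += 1                     # a = ceil(sqrt(n))
    for _ in range(rounds):    # one round = one candidate a (assumption)
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)
        a += 1
    return None


def is_close_prime_weak(n, rounds=FERMAT_ROUNDS):
    """True if the modulus can be factored within the round limit."""
    return fermat_factor(n, rounds) is not None


# Constructed sample moduli (toy sizes, for illustration only).
CLOSE_N = 1000003 * 1000033            # factors differ by 30
FAR_N = (2**61 - 1) * (2**89 - 1)      # two Mersenne primes, far apart

if __name__ == "__main__":
    for label, n in (("close", CLOSE_N), ("far", FAR_N)):
        print(label, "weak" if is_close_prime_weak(n) else "not found in 100 rounds")
```

The result depends only on the modulus, which is the distinction the "can be identified" wording draws: the key is weak whether or not anyone ran the computation.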


