This is a multi-part message in MIME format.

--Boundary_(ID_X7lG2orafCfxOCUULTnK1g)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT

Hello,



I have read the advisory an I am a bit puzzled regarding the there are
CAs using exponent 3 in wide use comment, I have tried to check and
could not found any CA using this exponent, all the CA's I have seen are
using 0x10001 (CA's I have generate by OpenSSL using default values,
world wide trusted CA's such as VeriSign and Thawte etc..), I understand
that specifying CA's using exponent 3 will give specific targets to
malicious people and that is defiantly not a good idea, how ever I would
like to try and better understand the range of the problem, are only
old CA's using exponent 3 ?



Could anyone elaborate some on this?



Regards,

Hagai,






--Boundary_(ID_X7lG2orafCfxOCUULTnK1g)
Content-type: text/html; charset=us-ascii
Content-transfer-encoding: 7BIT

="urn:schemas-microsoft-comfficeffice" xmlns:w="urn:schemas-microsoft-comffice:word" xmlns="http://www.w3.org/TR/REC-html40">

Hello,>>

> >

I have read the advisory an I am a bit puzzled regarding the
there are CAs using exponent 3 in wide use
comment, I have tried to check and could not found any CA using this exponent, all
the CA’s I have seen are using 0x10001 (CA’s I have generate by OpenSSL using
default values, world wide trusted CA’s such as VeriSign and Thawte etc..), I
understand that specifying CA’s using exponent 3 will give specific targets to malicious
people and that is defiantly not a good idea, how ever I would like to try and better
understand the range of the problem,  are only old CA’s using exponent 3 ? >>

> >

Could anyone elaborate some on this? >>

> >

Regards,>>

Hagai,>>

> >

> >

--Boundary_(ID_X7lG2orafCfxOCUULTnK1g)--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org