[43177] in cryptography@c2.net mail archive
Re: Exponent 3 damage spreads...
daemon@ATHENA.MIT.EDU (Greg Rose)
Thu Sep 14 14:43:33 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4508D43C.2080605@echeque.com>
Date: Thu, 14 Sep 2006 11:03:08 -0700
To: Cryptography <cryptography@metzdowd.com>
From: Greg Rose <ggr@qualcomm.com>
Cc: ggr@qualcomm.com
So, there is at least one top-level CA installed in some common
browsers (I checked Firefox) that uses exponent-3. It is "Starfield
Technologies Inc." "Starfield Class 2 CA". There may well be
others... I only looked far enough to determine that that was a
problem.
So the next question becomes, what browsers used OpenSSL and/or their
own broken code, and need to be patched? I have no idea.
Thanks to Alex Gantman for asking the question...
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com