[43177] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Exponent 3 damage spreads...

daemon@ATHENA.MIT.EDU (Greg Rose)
Thu Sep 14 14:43:33 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4508D43C.2080605@echeque.com>
Date: Thu, 14 Sep 2006 11:03:08 -0700
To: Cryptography <cryptography@metzdowd.com>
From: Greg Rose <ggr@qualcomm.com>
Cc: ggr@qualcomm.com

So, there is at least one top-level CA installed in some common 
browsers (I checked Firefox) that uses exponent-3. It is "Starfield 
Technologies Inc." "Starfield Class 2 CA". There may well be 
others... I only looked far enough to determine that that was a 
problem.

So the next question becomes, what browsers used OpenSSL and/or their 
own broken code, and need to be patched? I have no idea.

Thanks to Alex Gantman for asking the question...

Greg.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post