Exponent 3 damage spreads...
Greg Rose
ggr at qualcomm.com
Thu Sep 14 14:03:08 EDT 2006
So, there is at least one top-level CA installed in some common
browsers (I checked Firefox) that uses exponent-3. It is "Starfield
Technologies Inc." "Starfield Class 2 CA". There may well be
others... I only looked far enough to determine that that was a
problem.
So the next question becomes, what browsers used OpenSSL and/or their
own broken code, and need to be patched? I have no idea.
Thanks to Alex Gantman for asking the question...
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list