Exponent 3 damage spreads...

[Greg Rose]

So, there is at least one top-level CA installed in some common 
browsers (I checked Firefox) that uses exponent-3. It is "Starfield 
Technologies Inc." "Starfield Class 2 CA". There may well be 
others... I only looked far enough to determine that that was a 
problem.

So the next question becomes, what browsers used OpenSSL and/or their 
own broken code, and need to be patched? I have no idea.

Thanks to Alex Gantman for asking the question...

Greg.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com