[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths

Tony Finch dot at dotat.at
Fri Aug 10 11:00:05 UTC 2018

Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:

> Adam Langley's advice to use e=3 (F_0) is clearly not getting much
> traction.

All the common tools use 65537 by default - BIND dnssec-keygen,
ldns-keygen, OpenSSL genrsa, OpenSSH ssh-keygen, gpg ... as a hedge
against another padding screwup like CVE-2006-4339.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
harness technological change to human advantage

More information about the dns-operations mailing list