[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths
Tony Finch
dot at dotat.at
Fri Aug 10 11:00:05 UTC 2018
Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> Adam Langley's advice to use e=3 (F_0) is clearly not getting much
> traction.
All the common tools use 65537 by default - BIND dnssec-keygen,
ldns-keygen, OpenSSL genrsa, OpenSSH ssh-keygen, gpg ... as a hedge
against another padding screwup like CVE-2006-4339.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
harness technological change to human advantage
More information about the dns-operations
mailing list