[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths

Paul Wouters paul at nohats.ca
Fri Aug 10 20:26:43 UTC 2018

On Fri, 10 Aug 2018, Tony Finch wrote:

> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>> Adam Langley's advice to use e=3 (F_0) is clearly not getting much
>> traction.
> All the common tools use 65537 by default - BIND dnssec-keygen,
> ldns-keygen, OpenSSL genrsa, OpenSSH ssh-keygen, gpg ... as a hedge
> against another padding screwup like CVE-2006-4339.

Indeed, I remember that being the reason software switched to F4,
because it was hard to figure out if the openssl you were linked
against had this issue or not.


More information about the dns-operations mailing list