Hi,

Thanks for that information.
On Mon, 16 Mar 2026 14:40:37 -0700 (PDT)
Wayne <[email protected]> wrote:

> Baseline Requirements only care that it's greater than 3 and not odd,
> and all of these are above 65537 but I think it's worth documenting
> the outliers given they are few and far between.

For what it's worth: I think that should be changed and e=65537 should be enforced. (I actually think it was a mistake to begin with to make RSA over-configurable, and the exponent should just be a fixed value and not part of the key.)

There are a number of potential RSA weaknesses both with very small RSA exponents (Coppersmith/Håstad attack, Bleichenbacher's Signature Forgery Attack, BERserk) and with small private exponents (Wiener's attack) - which automatically leads to a large public exponent. Having a standard e value of 65537 avoids all of those.

Given that non-standard e values are so rare, it may be time to just remove them from the WebPKI ecosystem.

-- 
Hanno Böck
https://hboeck.de/
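An added example, not part of the original message: a stdlib-only Python lint that parses a DER-encoded PKCS#1 RSAPublicKey and flags any public exponent other than 65537, which is the check the proposal above would amount to. The function names, verdict labels and the sample modulus are constructed for illustration.

```python
"""Flag RSA public keys whose exponent is not the standard e = 65537."""
STANDARD_E = 65537

def _read_tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def _unsigned(raw):
    if not raw or raw[0] & 0x80:  # DER INTEGER is signed; n and e cannot be negative
        raise ValueError("negative or empty INTEGER")
    return int.from_bytes(raw, "big")

def parse_rsa_public_key(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body, end = _read_tlv(der, 0, 0x30)
    n_raw, pos = _read_tlv(body, 0, 0x02)
    e_raw, pos = _read_tlv(body, pos, 0x02)
    if end != len(der) or pos != len(body):
        raise ValueError("trailing data")
    return _unsigned(n_raw), _unsigned(e_raw)

def classify_exponent(e):
    if e < 3 or e % 2 == 0:  # e = 1 is the identity map; even e shares a factor with phi(n)
        return "invalid"
    if e == STANDARD_E:
        return "standard"
    return "nonstandard-small" if e < STANDARD_E else "nonstandard-large"

def _tlv(tag, value):  # minimal DER encoder, used only to build the sample keys
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def build_rsa_public_key(n, e):
    ints = (_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    return _tlv(0x30, b"".join(ints))

SAMPLE_N = (1 << 2047) | 1  # constructed placeholder modulus, not a real key

def audit(keys):
    """Return (label, verdict) for each (label, DER RSAPublicKey) pair."""
    return [(name, classify_exponent(parse_rsa_public_key(der)[1])) for name, der in keys]
```

To run it over real certificates, pass `audit` the contents of each subjectPublicKey BIT STRING (after the unused-bits byte), which is the RSAPublicKey structure parsed here.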
