Given the PQ transition, this seems like a particularly low value use of time, to fix something that doesn’t appear to be a problem.
On Tue, Mar 17, 2026 at 2:28 AM Hanno Böck <[email protected]> wrote: > Hi, > > Thanks for that information. > > On Mon, 16 Mar 2026 14:40:37 -0700 (PDT) > Wayne <[email protected]> wrote: > > > Baseline Requirements only care that it's greater than 3 and not odd, > > and all of these are above 65537 but I think it's worth documenting > > the outliers given they are few and far between. > > For what it's worth: I think that should be changed and e=65537 > should be enforced. (I actually think it was a mistake to begin with > to make RSA over-configurable, and the exponent should just be a fixed > value and not part of the key.) > > There are a number of potential RSA weaknesses both with very small RSA > exponents (Coppersmith/Håstad attack, Bleichenbacher's Signature > Forgery Attack, BERserk) and with small private exponents (Wiener's > attack) - which automatically leads to a large public exponent. > Having a standard e value of 65537 avoids all of those. > > > Given that non-standard e values are so rare, it may be time to just > remove them from the WebPKI ecosystem. > > -- > Hanno Böck > https://hboeck.de/ > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20260317072808.7c8286ea%40hboeck.de > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACf5n7_MhmW4tP%3Dy-%2BpWhhzj5MkB5SbreaCaKWUN5HxjW83vDQ%40mail.gmail.com.
