fermat primes and dnssec-keygen bug?

Bill Owens owens at nysernet.org
Wed Mar 7 15:10:42 UTC 2012


On Wed, Mar 07, 2012 at 02:43:01PM +0000, Chris Thompson wrote:
> You can see the BEAAAA (2^30+3) ones in the DNSKEYs for dlv.isc.org as
> well as in a number of our own zones (which says either that the keys
> are oldish or that the versions of OpenSSL used are not as up to date
> as they probably ought to be).

Incidentally, I surveyed a number of domains for exponent choices a couple of weeks ago, just for fun. These have 2^30+3:

bolagsverket.se
isc.org
sba.gov
skatteverket.se
verksamt.se

And these have 2^32+1:

america.gov
applicationmanager.gov
berkeley.edu
bredbandskollen.se
com.de
com.my
edu.my
epages.com
eu.com
fbi.gov
fueleconomy.gov
gov.my
iis.se
lsu.edu
mimiaukce.cz
mimishop.cz
net.my
nic.cz
opm.gov
ornl.gov
stockholm.se
uk.com
usajobs.gov
us.com
usconsulate.gov
usembassy.gov
uspto.gov
webtrh.cz

Reading Michael Sinatra's account of how he set up berkeley.edu was what led me to look at the zkt tool, which hardcodes the -e flag.

As Miek discovered, the hard way, .us also uses 2^32+1; my list didn't include TLDs so there may be others. I'll do another run over lunch today. . .

Bill.
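
The exponent can be read straight out of a DNSKEY's base64 public key field, which is why the 2^30+3 keys are recognisable by their "BEAAAA" prefix. The following is an added example, not part of the original message: it assumes the RFC 3110 RSA key layout, and the function names and the modulus bytes are constructed for illustration.

```python
import base64

# Exponents mentioned in the thread, plus the usual default 65537.
KNOWN = {2**16 + 1: "2^16+1", 2**30 + 3: "2^30+3", 2**32 + 1: "2^32+1"}


def encode_rsa_key(exponent: int, modulus: bytes) -> str:
    """Build the base64 public key field of an RSA DNSKEY (RFC 3110 layout)."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    # One length octet for 1..255 bytes; otherwise a zero octet and a 2-octet length.
    prefix = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return base64.b64encode(prefix + e + modulus).decode("ascii")


def parse_rsa_key(b64: str) -> tuple:
    """Return (public exponent, modulus size in bits) from the key field."""
    # Zone files often split the key across whitespace; remove it first.
    raw = base64.b64decode("".join(b64.split()), validate=True)
    if not raw:
        raise ValueError("empty key")
    elen, off = raw[0], 1
    if elen == 0:  # long form: the next two octets carry the exponent length
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("truncated key: no room for exponent and modulus")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return exponent, modulus.bit_length()


def describe(b64: str) -> str:
    """Label a key with its exponent, using the thread's notation when known."""
    exponent, bits = parse_rsa_key(b64)
    return f"{KNOWN.get(exponent, str(exponent))} ({bits}-bit modulus)"


# Constructed 1024-bit modulus (arbitrary bytes, not a real key).
SAMPLE_MODULUS = bytes([0xC3]) + bytes(range(1, 128))
SAMPLES = {e: encode_rsa_key(e, SAMPLE_MODULUS) for e in KNOWN}

if __name__ == "__main__":
    for key in SAMPLES.values():
        print(key[:10] + "...", "->", describe(key))
```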


