fermat primes and dnssec-keygen bug?

[Spain, Dr. Jeffry A.]

> Well, go argue with Adam Langly in the bug report I submitted (and Paul quoted in this thread).

You're making an argumentum ad verecundiam, which I can't reasonably pursue. In the bug report (http://code.google.com/p/go/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Status%20Stars%20Priority%20Owner%20Reporter%20Summary&groupby=&sort=&id=3161), Adam Langly (assuming that is who "agl" is) refers to the article "Ron was wrong, Whit is right" (http://eprint.iacr.org/2012/064.pdf). That article discusses RSA public exponents in section 3, and states that the exponent 2^127+3 is used in a small percentage public keys, a fact to which agl alludes in his post. It doesn't address the security implications of any particular public key exponent, other than a few cases of what appear to be RSA implementation errors. The article focuses mainly on problems with the RSA modulus, rather than the exponent. Based on the facts presented so far in this thread, I can't find support for your assertion that keys created with 'dnssec-keygen -e' are insecure. Please post any additional evidence you may have that would further the discussion. Thanks. Jeff.