fermat primes and dnssec-keygen bug?
Chris Thompson
cet1 at cam.ac.uk
Wed Mar 7 15:49:14 UTC 2012
On Mar 7 2012, Bill Owens wrote:
[...]
>As Miek discovered, the hard way, .us also uses 2^32+1; my list didn't
>include TLDs so there may be others. I'll do another run over lunch today. . .
Based on a scan I did yesterday:
All DNSKEYs in all TLDs use an RSA public exponent of 2^16+1 except for
the following:
com, net & edu use 3 for all DNSKEYs
gov uses 3 for its KSK and active ZSKs, 2"32+1 for an idle ZSK
cz uses 2^16+1 for its KSK, 2^32+1 for its ZSK
la my & us use 2^32+1 for all DNSKEYs
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list