[cryptography] Duplicate primes in lots of RSA moduli

Bodo Moeller bmoeller at acm.org
Thu Feb 16 07:03:19 EST 2012


>
> Isn't this a self-signature?
>

Oh, in this case it's a self-signature. Werner, the problem (aka feature)
is that expiry according to self-signatures isn't carried forward into
third-party certification signatures -- so if an attacker gets hold of the
(not-so-)private key, the attacker can just extend the key lifetime as
needed. (This is unlike with the original V3 format where certifications
necessarily cover the expiry date, and unlike X.509 where certifications
always come with *some* notAfter date.)

Bodo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120216/46d4f4b3/attachment.html>


More information about the cryptography mailing list