1. A recent cryptography paper has announced a threat to
RSA certificates that use a public exponent of 3
(known as e=3).
Ref: http://www.cdc.informatik.tu-darmstadt.de/securebrowser/
2. CAcert formed a task force to deal with this issue,
and searched all certs that we issued. We discovered:
a. 414 user certs have this characteristic of e=3.
b. No root or intermediate certs have e=3.
3. We will write to all users with these certs and advise
them to revoke and re-issue.
4. At this stage, we believe the threat of attack to be
low. For this reason we have decided to not revoke the
certificates preemptively.
5. However, if:
a. you are using the certificate for high value purposes,
b. you are in an environment where you may expect to be
attacked aggressively,
c. your software or the software of your users is not
kept up to date or patched,
d. there is a potential attack involving tricking a user
with a bogus RSA signature,
then you may be more at risk. If you think so, we suggest
you revoke the current certificate if e=3, and re-issue
using the normal CAcert website processes.
6. The CAcert risk team is watching the situation and may
choose at some stage to revoke those certificates preemptively.
7. We expect other CAs to take similar steps. This is an
industry wide security situation, and many companies are
evaluating the fallout from the announced weakness.
8. The software packages that are known to be affected today are:
OpenSSL < 0.9.8c, Firefox < 1.5.0.7, Opera < 9.02, Netscape,
More references:
http://www.mail-archive.com/cryptography%40metzdowd.com/msg06537.html
http://www.openssl.org/news/secadv_20060905.txt
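
The check behind items 2 and 5, as an added example that is not CAcert's own tooling: a standard-library Python reader that pulls the public exponent out of a DER-encoded SubjectPublicKeyInfo and flags keys with e=3. The two sample keys use a constructed 64-bit toy modulus, and the names read_tlv, children, rsa_public_exponent, flag_e3 and SAMPLES are assumptions made for this example.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_public_exponent(spki_der):
    """Return e from a DER SubjectPublicKeyInfo, or None if the key is not RSA."""
    tag, spki, _ = read_tlv(spki_der)
    parts = children(spki)  # expect AlgorithmIdentifier SEQUENCE, then BIT STRING
    if tag != 0x30 or [t for t, _ in parts] != [0x30, 0x03]:
        raise ValueError("not a SubjectPublicKeyInfo")
    if children(parts[0][1])[0] != (0x06, RSA_OID):
        return None
    _, rsa_key, _ = read_tlv(parts[1][1], 1)  # skip the BIT STRING unused-bits byte
    fields = children(rsa_key)                # RSAPublicKey ::= SEQUENCE { n, e }
    if len(fields) != 2 or fields[1][0] != 0x02:
        raise ValueError("malformed RSAPublicKey")
    return int.from_bytes(fields[1][1], "big")

def flag_e3(keys):
    """Names of keys whose public exponent is 3 (the search described in item 2)."""
    return sorted(name for name, der in keys.items() if rsa_public_exponent(der) == 3)

# Constructed sample keys (toy modulus), not real certificate data.
ALG = "300d06092a864886f70d0101010500"  # AlgorithmIdentifier: rsaEncryption, NULL
MOD = "020900c35a119b7e2d44f1"          # INTEGER modulus, constructed
SAMPLES = {
    "user-a": bytes.fromhex("3022" + ALG + "031100300e" + MOD + "020103"),      # e=3
    "user-b": bytes.fromhex("3024" + ALG + "0313003010" + MOD + "0203010001"),  # e=65537
}
print(flag_e3(SAMPLES))  # ['user-a']
```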