A team lead by Arjen Lenstra used a new (not yet published) Observatory scan to find tens of thousands of TLS servers with readily factorizable weak keys:
https://eff.org/deeplinks/2012/02/researchers-ssl-observatory-cryptographic-vulnerabilities We will be working to try to let the affected server operators know that they need to make new keys. We will also try to contact the CAs that issued certificates for vulnerable keys, though in many cases this is hard to do in bulk, because CA certificates do not contain email addresses :(. I know there are many employees of CAs on this list. Please reply to Dan and I privately if you have a good contact address for your CA. It would be even more helpful if the CA-Browser Forum could send us a dictionary that maps either Issuer strings or AKIDs to contact email addresses. -- Peter Eckersley [email protected] Technology Projects Director Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993
