> From: owner-openssl-...@openssl.org On Behalf Of Stephan Mueller
> Sent: Friday, November 14, 2014 15:00
<snip>
> I agree allowing to choose an arbitrary e is not so good. However, what kind
> of threats do you see when we would:
>
> - use 2**16+1 per default
>
> - allow 17 (-F4) as a legacy
>
F4 is 2**16+1=65535. 2**4+1=17 is F4 and is not currently supported in genrsa (but see next)

> - allow arbitrary e as long as they are odd and larger than 2**16-1
>
> - disallow anything else.
>
Note genpkey already supports setting rsa_keygen_pubexp and is recommended for new uses over legacy genrsa as well as gendsa and ecparam -genkey.
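The exponent policy proposed in the quoted text, checked before calling genpkey with rsa_keygen_pubexp, as an added example that is not part of the original message or of OpenSSL's own code. The function names, the 2048-bit key size and the 18-digit input limit are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: function names and limits are hypothetical, not OpenSSL's.

# pubexp_allowed E -> exit status 0 if E passes the policy proposed in the
# quoted message: 17 as a legacy value, or any odd value larger than 2**16-1.
pubexp_allowed() {
    e=$1
    case $e in
        ''|*[!0-9]*|0*) return 1 ;;       # decimal digits only, no leading zero
    esac
    # Stay inside signed 64-bit shell arithmetic (assumption of this sketch).
    [ "${#e}" -le 18 ] || return 1
    [ "$e" -eq 17 ] && return 0           # legacy exception
    [ $(( $e % 2 )) -eq 1 ] || return 1   # must be odd
    [ "$e" -gt 65535 ]                    # larger than 2**16-1
}

# gen_rsa_key OUTFILE [E] -> generate a key with genpkey, then read the
# exponent back from the key file and compare it with what was requested.
gen_rsa_key() {
    out=$1
    e=${2:-65537}                         # default 2**16+1
    pubexp_allowed "$e" || { echo "rejected exponent: $e" >&2; return 1; }
    openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 \
        -pkeyopt "rsa_keygen_pubexp:$e" \
        -out "$out" || return 1
    got=$(openssl pkey -in "$out" -noout -text |
          sed -n 's/^publicExponent: \([0-9]*\) .*/\1/p')
    [ "$got" = "$e" ]
}

# Usage (writes a private key to the given path):
#   gen_rsa_key ./example-key.pem 65537
```

Reading the exponent back from the generated key confirms that the option was applied rather than silently replaced by the default.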