Date:      Thu, 28 Sep 2006 09:46:26 -0400
From:      Bill Moran <>
To:        Colin Percival <>
Cc:        freebsd security <>,
Subject:   Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

In response to Colin Percival <>:

> Bill Moran wrote:
> > Can anyone define "exceptionally large" as noted in this statement?:
> > 
> > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> > prohibiting the use of exceptionally large public keys.  It is believed
> > that no existing applications legitimately use such key lengths as would
> > be affected by this change."
> > 
> > It would be nice if "exceptionally large" were replaced with "keys in
> > excess of x bits in size" or something.  I don't expect that this will
> > affect me, but ambiguous statements like that make me uncomfortable.
> DH and DSA are limited to 10000 bits.  RSA is limited to 16400 or 4112 bits
> depending upon whether the public exponent is less or more than 72 bits.
> I wouldn't have allowed this change into the security branches if I was not
> very very confident that no applications would be affected by this.
> Colin Percival

I'm not questioning your ability to make these decisions, Colin.
Far, far from it.

I'm the type that is made uncomfortable by any statement that reads
_anything_ like "don't worry, we've taken care of it."

Take that email as two separate statements:
1) I'm curious as to exactly how big "exceptionally large" is.
2) I think this security advisory could be improved by including the
   answer to #1.

Thanks for the quick response, and all the work you do.

Bill Moran
Collaborative Fusion Inc.
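The key-size limits Colin quotes above, turned into a check a practitioner can run against their own public keys to see whether they would fall under the patched libcrypto's restriction. This is an added example, not code from the thread or from the FreeBSD patch itself: the thresholds are the numbers as stated in the thread (assumed to be inclusive bounds, with a public exponent of at most 72 bits counted as "small"), the DER handling is a minimal stdlib-only encoder/parser for the PKCS#1 RSAPublicKey structure (SEQUENCE { INTEGER n, INTEGER e }), and the moduli used below are constructed placeholders of a given bit length, not real keys.

```python
"""Check DH/DSA and RSA public-key sizes against the limits quoted in the thread.

Limits as stated by Colin Percival in the quoted reply (assumed inclusive):
  DH / DSA : modulus <= 10000 bits
  RSA      : modulus <= 16400 bits if the public exponent is <= 72 bits,
             otherwise modulus <= 4112 bits
These are the thread's numbers, not the constants of the FreeBSD patch itself.
"""

MAX_DH_DSA_BITS = 10000
MAX_RSA_BITS_SMALL_EXP = 16400
MAX_RSA_BITS_LARGE_EXP = 4112
MAX_SMALL_EXP_BITS = 72


def rsa_key_allowed(n: int, e: int) -> bool:
    """True if an RSA public key (modulus n, exponent e) is within the quoted limits."""
    small_exponent = e.bit_length() <= MAX_SMALL_EXP_BITS
    limit = MAX_RSA_BITS_SMALL_EXP if small_exponent else MAX_RSA_BITS_LARGE_EXP
    return n.bit_length() <= limit


def dh_dsa_key_allowed(p: int) -> bool:
    """True if a DH or DSA prime modulus p is within the quoted limit."""
    return p.bit_length() <= MAX_DH_DSA_BITS


# --- minimal DER helpers for PKCS#1 RSAPublicKey (stdlib only) ---------------

def _der_len(length: int) -> bytes:
    """Encode a DER length (short form below 128, long form otherwise)."""
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value: int) -> bytes:
    """Encode a non-negative INTEGER; +8 bits guarantees a leading 0x00 when the high bit is set."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def encode_rsa_public_key(n: int, e: int) -> bytes:
    """Build the DER for RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value bytes, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_rsa_public_key(der: bytes):
    """Parse an RSAPublicKey DER blob into (n, e)."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, pos = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER for modulus")
    tag, e_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER for public exponent")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_rsa_der(der: bytes) -> dict:
    """Decode an RSAPublicKey DER blob and report its sizes and whether it passes the limits."""
    n, e = decode_rsa_public_key(der)
    return {
        "modulus_bits": n.bit_length(),
        "exponent_bits": e.bit_length(),
        "allowed": rsa_key_allowed(n, e),
    }


def _placeholder_modulus(bits: int) -> int:
    """Constructed odd integer of exactly `bits` bits; a size stand-in, not a real key."""
    return (1 << (bits - 1)) | 1


if __name__ == "__main__":
    # Constructed sample keys covering both RSA branches and the DH/DSA bound.
    samples = [
        ("RSA 2048, e=65537", encode_rsa_public_key(_placeholder_modulus(2048), 65537)),
        ("RSA 8192, e=65537", encode_rsa_public_key(_placeholder_modulus(8192), 65537)),
        ("RSA 8192, 128-bit e", encode_rsa_public_key(_placeholder_modulus(8192), _placeholder_modulus(128))),
    ]
    for label, der in samples:
        print(label, check_rsa_der(der))
    print("DSA 10000-bit p allowed:", dh_dsa_key_allowed(_placeholder_modulus(10000)))
    print("DSA 12288-bit p allowed:", dh_dsa_key_allowed(_placeholder_modulus(12288)))
```

Run it as-is to see the branch behaviour; to check a real key, feed `check_rsa_der` the DER bytes of the RSAPublicKey structure (the inner part of a SubjectPublicKeyInfo), or pass the modulus and exponent you already have as integers to `rsa_key_allowed`.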
