fermat primes and dnssec-keygen bug?

Chris Thompson cet1 at cam.ac.uk
Wed Mar 7 15:49:14 UTC 2012

On Mar 7 2012, Bill Owens wrote:

>As Miek discovered, the hard way, .us also uses 2^32+1; my list didn't
>include TLDs so there may be others. I'll do another run over lunch today. . .

Based on a scan I did yesterday:

  All DNSKEYs in all TLDs use an RSA public exponent of 2^16+1 except for
  the following:

  com, net & edu  use 3 for all DNSKEYs
  gov             uses 3 for its KSK and active ZSKs, 2^32+1 for an idle ZSK
  cz              uses 2^16+1 for its KSK, 2^32+1 for its ZSK
  la, my & us     use 2^32+1 for all DNSKEYs
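
As an added example (not part of the original post), one way a scan like this can read the public exponent out of an RSA DNSKEY: the key field follows RFC 3110, with an exponent-length prefix ahead of the exponent and modulus. The names `parse_rsa_dnskey`, `classify` and `make_key` are hypothetical, and the sample keys are constructed with a dummy modulus.

```python
import base64

# Labels for the exponent values reported in the scan above.
KNOWN = {3: "3", 2**16 + 1: "2^16+1", 2**32 + 1: "2^32+1"}


def parse_rsa_dnskey(pubkey_b64):
    """Split an RSA DNSKEY public key field (RFC 3110) into (exponent, modulus_bits)."""
    raw = base64.b64decode(pubkey_b64, validate=True)
    if not raw:
        raise ValueError("empty key")
    # Exponent length: one octet, or a zero octet followed by a
    # two-octet big-endian length for exponents longer than 255 octets.
    if raw[0] != 0:
        elen, off = raw[0], 1
    else:
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("truncated exponent or missing modulus")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return exponent, modulus.bit_length()


def classify(pubkey_b64):
    """Return (exponent label, modulus size in bits) for one DNSKEY."""
    e, bits = parse_rsa_dnskey(pubkey_b64)
    return KNOWN.get(e, "other (%d)" % e), bits


def make_key(e, modulus_bytes):
    """Build a constructed RFC 3110 key field for testing (not a real key)."""
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    return base64.b64encode(bytes([len(eb)]) + eb + modulus_bytes).decode()


# Constructed sample: a dummy 1024-bit "modulus", not a real RSA key.
DUMMY_MODULUS = b"\xc3" + b"\x5a" * 127

if __name__ == "__main__":
    for e in (3, 2**16 + 1, 2**32 + 1):
        print(classify(make_key(e, DUMMY_MODULUS)))
```

An exponent of 2^32+1 needs five octets (01 00 00 00 01), so a scanner that assumes a fixed three-octet exponent will misread the start of the modulus for those zones.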

