-
-
Notifications
You must be signed in to change notification settings - Fork 602
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urn:ietf:params:acme:error:badCSR: Error finalizing order :: invalid public key in CSR: key size not supported: 2176 #5110
Comments
Previously announced: https://community.letsencrypt.org/t/issuing-for-common-rsa-key-sizes-only/133839 |
alexzorin dixit:
Previously announced: https://community.letsencrypt.org/t/issuing-for-common-rsa-key-sizes-only/133839
Meh, they could have mailed the affected people.
But this is a reduction in security! If only three
keysizes are supported it gets easier to make
something like rainbow tables for all keys of that
one size.
Please reconsider.
|
We did mail the contact addresses on file for the affected subscribers, as noted in the last line of that post. Security experts do not currently believe that rainbow tables are a viable attack against RSA keys, especially not at the 3072- or 4096-bit key sizes which you could upgrade to. We spent a long time debating this decision, for exactly the reason you bring up, and so do not intend to reconsider it at this time. |
Aaron Gable dixit:
We did mail the contact addresses on file for the affected subscribers,
as noted in the last line of that post.
Hmm, I didn’t receive anything.
Security experts do not currently believe that rainbow tables are a
viable attack against RSA keys, especially not at the 3072- or 4096-bit
key sizes which you could upgrade to. We spent a long time debating
this decision, for exactly the reason you bring up, and so do not
intend to reconsider it at this time.
I see.
|
I got an error this month:
This s a regression; it normally works.
The text was updated successfully, but these errors were encountered: