<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Currently, opened.bml?openid.mode=getpubkey returns a DSA pubkey
in SSLeay format. This should probably be changed. This is a deprecated compat
format which has some issues….mostly, it has no hash or signature
associated with it so it’s easy to exploit a know DSA flaw. (replacing 2
of the parameters, getting a signature, deducing the private key from the
result). It should really give an x509 cert (which would allow DSA or RSA).
These are also much easier to work with as most DSA libraries don’t
support SSLeasy format PEM public keys (just sslway and openssl AFAIK and many openssl
wrappers don’t support it). Could lj start exporting a cert instead of a
DSA pubkey? It’s pretty easy to do so with openssl…there are many recipes
on the net for creating self-signed certs.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>------------------------------</span></font></p>
<!--StartFragment -->
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>Trevor R.H. Clarke</span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><a href="mailto:tclarke@ball.com">tclarke at ball com</a></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>Ball Aerospace & Technologies Corp</span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
</body>
</html>