Blake Ramsdell <blake(_at_)sendmail(_dot_)com> writes:
Unfortunately, this opens up a new can of worms for the security
considerations -- how do you specify the right combination of exponent and
modulus values for RSA that are a problem? Are there a similar set of giant
parameters that might be used with DSA?
I know that someone else on this list has looked at DoS-enabling parameters in
the past so maybe they'll want to comment, I've looked at this too and (for
example) feeding a DLP-based key exchange that expects g = 2 a value of g
that's something much, much larger than 2 (like 2^256 times larger), or an RSA
key where e is a bignum, can lead to disappointing effects at the other end.
(that is, you can trivially knock a server off the net with this... apologies
if I tried this on your server :-). Taking out an S/MIME gateway shouldn't be
much more difficult.
Having said that, my code checks for stupid parameter values and has never had
any (reported) problems with rejecting keys, so it seems quite possible to
restrict yourself to sensible/safe values without adverse side-effects.