Errors in CP and CPS


Continuing the discussion from Improving revocation : will Let's Encrypt support OCSP Must-staple?:


.“id-kp-emailProtection [RFC5280] maybe present. Other values shouldnotbe present”

Is this an hint that there maybe come s/mime certificates too ?

And an typo on the head of page 62:

“Curve P-521” “ansip384r1 ::= { iso(1) identified-organization(3) certicom(132) curve(0) 35 }”


The CA ensures that the public exponent of the RSA Keysfor aDV-SSL Certificates is in the range between 2 16+1 and 2256-1. The modulus are an odd number, not the power of a prime, and have no factors smaller than 752.

This can not be real ?

  1. The range “2 16+1” i think is missing some formular sign and 2256 looks also odd.
  2. If the RSA key have an prime factor 752 and less than 2^32 than you can put it to the trash bin.
    Here also 2^752 is meant.

Personally i think here need someone take an carefully look at all number and formulars.


As I said in the other thread: the emailProtection part was already mentioned in the first CP and even then the statement of LE was “not likely” or something like that… Nothing has changed since I assume.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.