Re: ssl problems: gpg affected?
- Date: Thu, 15 May 2008 10:20:15 +0200
- From: Michal Čihař <nijel@xxxxxxxxxx>
- Subject: Re: ssl problems: gpg affected?
On Thu, 15 May 2008 08:09:02 +0200 Norbert Preining <preining@xxxxxxxx> wrote: > On Do, 15 Mai 2008, Steinar H. Gunderson wrote: > > No. Any key who had a single DSA signature created by the flawed version of > > OpenSSL should be considered compromised. DSA requires a secret, random > > Does this extend to gpg keys and its signatures? That would make quite > an impact. GnuPG does not use OpenSSL, so it should be safe. But generally it could be possible to use same key for both GnuPG and OpenSSL and then you would have a problem. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Attachment:
signature.asc
Description: PGP signature
- Follow-Ups:
- Re: ssl problems: gpg affected?
- From: Florian Weimer
- Re: ssl problems: gpg affected?
- References:
- ssl problems: gpg affected?
- From: Norbert Preining
- ssl problems: gpg affected?
- Prev by Date: Re: SSH keys: DSA vs RSA
- Next by Date: openssh-blacklist for testing-updates ?
- Previous by thread: Re: ssl problems: gpg affected?
- Next by thread: Re: ssl problems: gpg affected?
- Index(es):