Re: ssl security desaster

Date: Thu, 15 May 2008 07:51:20 -0700
From: Russ Allbery <rra@xxxxxxxxxx>
Subject: Re: ssl security desaster

Martin Uecker <muecker@xxxxxxx> writes:

> In this case, the security advisory should clearly be updated. And all
> advise about searching for weak keys should be removed as well, because
> it leads to false sense of security. In fact, *all* keys used on Debian
> machines should be considered compromised.

All *DSA* keys.  RSA keys do not have the same problem, as I understand
it.

-- 
Russ Allbery (rra@xxxxxxxxxx)               <http://www.eyrie.org/~eagle/>


-- 
To UNSUBSCRIBE, email to debian-devel-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: ssl security desaster
  - From: Adam Majer

References:
- ssl security desaster (was: Re: SSH keys: DSA vs RSA)
  - From: Martin Uecker

Prev by Date: Re: [DSA 1571-1] Heimdal
Next by Date: Re: [DSA 1571-1] Heimdal
Previous by thread: security embargos (was: Re: ssl security desaster)
Next by thread: Re: ssl security desaster
Index(es):
- Date
- Thread

lists-archives.org

Re: ssl security desaster