[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssl security desaster

Russ Allbery wrote:
> Martin Uecker <muecker@gwdg.de> writes:
>> In this case, the security advisory should clearly be updated. And all
>> advise about searching for weak keys should be removed as well, because
>> it leads to false sense of security. In fact, *all* keys used on Debian
>> machines should be considered compromised.
> All *DSA* keys.  RSA keys do not have the same problem, as I understand
> it.

Err, how so??

RSA keys generated with broken OpenSSL need replacing. This means SSL
certificates, CA, etc....

But RSA keys (for SSL, as an example), generated on good OpenSSL but
used on Etch servers are ok?

- Adam

Reply to: