Re: ssl security desaster
Russ Allbery wrote:
> Martin Uecker <email@example.com> writes:
>> In this case, the security advisory should clearly be updated. And all
>> advise about searching for weak keys should be removed as well, because
>> it leads to false sense of security. In fact, *all* keys used on Debian
>> machines should be considered compromised.
> All *DSA* keys. RSA keys do not have the same problem, as I understand
Err, how so??
RSA keys generated with broken OpenSSL need replacing. This means SSL
certificates, CA, etc....
But RSA keys (for SSL, as an example), generated on good OpenSSL but
used on Etch servers are ok?