Re: ssl security desaster
On Fri, May 16, 2008 at 03:27:42PM -0500, Adam Majer wrote:
> Russ Allbery wrote:
> > Martin Uecker <muecker@gwdg.de> writes:
> >
> >> In this case, the security advisory should clearly be updated. And all
> > >> advice about searching for weak keys should be removed as well, because
> > >> it leads to a false sense of security. In fact, *all* keys used on Debian
> >> machines should be considered compromised.
> >
> > All *DSA* keys. RSA keys do not have the same problem, as I understand
> > it.
>
> Err, how so??
>
> RSA keys generated with broken OpenSSL need replacing. This means SSL
> certificates, CA, etc....
>
> But RSA keys (for SSL, as an example), generated on good OpenSSL but
> used on Etch servers are ok?
Yes.
Mike