Re: ssl problems: gpg affected?

To: debian-devel@lists.debian.org
Subject: Re: ssl problems: gpg affected?
From: Michal Čihař <nijel@debian.org>
Date: Thu, 15 May 2008 10:20:15 +0200
Message-id: <[🔎] 20080515102015.7b396e29@debian.org>
In-reply-to: <[🔎] 20080515060902.GB30627@gamma.logic.tuwien.ac.at>
References: <[🔎] 20080515060902.GB30627@gamma.logic.tuwien.ac.at>

On Thu, 15 May 2008 08:09:02 +0200
Norbert Preining <preining@logic.at> wrote:

> On Do, 15 Mai 2008, Steinar H. Gunderson wrote:
> > No. Any key who had a single DSA signature created by the flawed version of
> > OpenSSL should be considered compromised. DSA requires a secret, random
> 
> Does this extend to gpg keys and its signatures? That would make quite
> an impact.

GnuPG does not use OpenSSL, so it should be safe. But generally it
could be possible to use same key for both GnuPG and OpenSSL and then
you would have a problem.

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: ssl problems: gpg affected?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- ssl problems: gpg affected?
  - From: Norbert Preining <preining@logic.at>

Prev by Date: Re: SSH keys: DSA vs RSA
Next by Date: openssh-blacklist for testing-updates ?
Previous by thread: Re: ssl problems: gpg affected?
Next by thread: Re: ssl problems: gpg affected?
Index(es):
- Date
- Thread