Re: ssl security desaster

To: debian-devel@lists.debian.org
Subject: Re: ssl security desaster
From: Russ Allbery <rra@debian.org>
Date: Thu, 15 May 2008 07:51:20 -0700
Message-id: <[🔎] 87skwjboyf.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 1210853087.16247.13.camel@localhost> (Martin Uecker's message of "Thu\, 15 May 2008 14\:04\:47 +0200")
References: <[🔎] 1210853087.16247.13.camel@localhost>

Martin Uecker <muecker@gwdg.de> writes:

> In this case, the security advisory should clearly be updated. And all
> advise about searching for weak keys should be removed as well, because
> it leads to false sense of security. In fact, *all* keys used on Debian
> machines should be considered compromised.

All *DSA* keys.  RSA keys do not have the same problem, as I understand
it.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: ssl security desaster
  - From: Adam Majer <adamm@zombino.com>

References:
- ssl security desaster (was: Re: SSH keys: DSA vs RSA)
  - From: Martin Uecker <muecker@gwdg.de>

Prev by Date: Re: [DSA 1571-1] Heimdal
Next by Date: Re: [DSA 1571-1] Heimdal
Previous by thread: security embargos (was: Re: ssl security desaster)
Next by thread: Re: ssl security desaster
Index(es):
- Date
- Thread