
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



Hello,

On Tuesday, 13 May 2008, Vincent Bernat wrote:
> OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
>
> Florian Weimer <fw@deneb.enyo.de> said:
> > Package        : openssl
> > Vulnerability : predictable random number generator
>
> Some other random questions:
>  - It seems that Firefox does not handle CRL unless manually imported,
>    correct? This means that in most cases already issued certificates
>    are still vulnerable even if revoked. A quick look seems to show that
>    most software does not handle CRL at all.
>  - As a maintainer of a package that has generated certificates using
>    OpenSSL, how should we handle the issue?
>
> For the last question, I see several solutions:
>  - the user has to read the DSA and handle it himself

Since some keys are generated automatically (e.g. ssh host keys), users will
have to regenerate keys they haven't generated in the first place and might
not be aware of their existence.
That's bad.

Keep smiling
yanosz

