
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



The Ubuntu openssl maintainers released an openssl-blacklist equivalent
to the openssh-blacklist package. It includes a blacklist with
compromised openssl key hashes and an openssl-vulnkey
program suitable to test your openssl key files.

I think it would be a good thing to coordinate the work between Debian
and Ubuntu and to incorporate this package into Debian main.

I am not sure how to include this into a security update and how to
make the users check all their keys. It would be nice to have at least a
warning from libssl if a compromised key is used. The securest way would
be to disable the keys like openssh.

What do you think?

Christoph

-- 
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin@Verwaltung.Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856
