Re: openssl-blacklist & two keys per one pid

To: debian-security@lists.debian.org
Subject: Re: openssl-blacklist & two keys per one pid
From: Stefan Fritsch <sf@sfritsch.de>
Date: Wed, 21 May 2008 15:01:53 +0200
Message-id: <[🔎] 200805211501.54858.sf@sfritsch.de>
In-reply-to: <[🔎] 874p8u5vyx.fsf@mid.deneb.enyo.de>
References: <[🔎] 4830B725.7070104@tomasek.cz> <[🔎] 20080518233458.GF12850@outflux.net> <[🔎] 874p8u5vyx.fsf@mid.deneb.enyo.de>

On Monday 19 May 2008, Florian Weimer wrote:
> BTW, it appears that the same blacklist can be used for -3 and -F4
> keys. (Just in case you haven't checked that already.)

RSA keys with exponent 3 should probably not be used at all, because 
multiple implementations did not verify the signatures correctly.

http://www.kb.cert.org/vuls/id/845620
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- openssl-blacklist & two keys per one pid
  - From: Jan Tomasek <jan@tomasek.cz>
- Re: openssl-blacklist & two keys per one pid
  - From: Kees Cook <kees@ubuntu.com>
- Re: openssl-blacklist & two keys per one pid
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: openssl-blacklist & two keys per one pid
Next by Date: Re: openssl-blacklist & two keys per one pid
Previous by thread: Re: openssl-blacklist & two keys per one pid
Next by thread: Re: openssl-blacklist & two keys per one pid
Index(es):
- Date
- Thread