Re: Accepted openssh 1:4.7p1-9 (source all i386)

To: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Accepted openssh 1:4.7p1-9 (source all i386)
From: Joey Hess <joeyh@debian.org>
Date: Wed, 14 May 2008 01:10:20 -0400
Message-id: <[🔎] 20080514051020.GA29763@kodama.kitenet.net>
In-reply-to: <[🔎] 20080514014926.GM16645@riva.ucam.org>
References: <[🔎] E1Jvw16-0003ZX-LM@ries.debian.org> <[🔎] 20080513221823.GA10644@kodama.kitenet.net> <[🔎] 87wslxiu1w.fsf@windlord.stanford.edu> <[🔎] 20080514010859.GA28496@kodama.kitenet.net> <[🔎] 20080514014926.GM16645@riva.ucam.org>

Sorry, another question.. 

openssh-server checks for weak keys and offers to replace them. But what
if you have a strong DSA host key, and have been using the broken libssl
for years? My understanding (from irc, possibly very flawed) is that
this effecively exposed the DSA host key to brute-forcing. So that key
should also probably be replaced. Having ssh handle one case but not the
other on upgrade could lead to a false sense of security..

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>

References:
- Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Russ Allbery <rra@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Next by Date: Bug#13389: Take a new step in your life!
Previous by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Next by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Index(es):
- Date
- Thread