On Wed, 2015-05-27 at 18:29 +0100, Colin Watson wrote: > Like I say, I'm not aware of this being an issue in practice. If you > know real details, then instead of replying to this bug with hypotheses, > please point me at real examples. As I've said... I (personally) don't feel that concerned about this specific issue - we have other much more serious security problems in OpenSSH. I guess DKG's idea simply was that we shouldn't wait for an example case where an attacker may abuse this (simply because it's too late then), but proactively change it now. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature