Re: key rollover for MIT Kerberos
On Thu, May 15, 2008 at 01:31:49PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > MIT Kerberos (krb5)
> >
> > No part of MIT Kerberos in Debian Etch uses OpenSSL. In Lenny the separate binary
> > package krb5-pkinit uses OpenSSL. Instructions on key exchanges for PKINIT operation
> > will be added soon.
>
> Added, as well as xrdp and gforge.
Thanks.
> <h1><a name="gnupg">GnuPG</a></h1>
>
> <p>
> GnuPG does not use OpenSSL, so gpg keys are not impacted by the
> vulnerability. However, keys that were stored on systems that could be
> attacked by using weak SSH keys, or other means, could be indirectly
> exposed, and gpg passphrases sent over ssh connections using weak SSH
> keys could be potentially exposed.
> </p>
Ack on this.
> Note: I'm keeping the list sorted, but with openssh at the top, since
> that's the issue that will affect most people.
Ok.
Cheers,
Moritz