
Re: key rollover for MIT Kerberos



On Thu, May 15, 2008 at 01:31:49PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > MIT Kerberos (krb5)
> > 
> > No part of MIT Kerberos in Debian Etch uses OpenSSL. In Lenny the separate binary
> > package krb5-pkinit uses OpenSSL. Instructions on key exchanges for PKINIT operation
> > will be added soon.
> 
> Added, as well as xrdp and gforge. 

Thanks.
 
> <h1><a name="gnupg">GnuPG</a></h1>
> 
> <p>
> GnuPG does not use OpenSSL, so gpg keys are not impacted by the
> vulnerability. However, keys that were stored on systems that could be
> attacked by using weak SSH keys, or other means, could be indirectly
> exposed, and gpg passphrases sent over ssh connections using weak SSH
> keys could be potentially exposed.
> </p>

Ack on this.

> Note: I'm keeping the list sorted, but with openssh at the top, since
> that's the issue that will affect most people.

Ok.

Cheers,
        Moritz

