Jan Luehr wrote: > Hello, > > Am Dienstag, 13. Mai 2008 schrieb Vincent Bernat: >> OoO En ce début d'après-midi nuageux du mardi 13 mai 2008, vers 14:06, >> >> Florian Weimer <[EMAIL PROTECTED]> disait: >>> Package : openssl >>> Vulnerability : predictable random number generator >> Some other random questions: >> - It seems that firefox does not handle CRL unless manually imported, >> correct? This means that in most cases already issued certificates >> are still vulnerable even revoked. A quick look seems to show that >> most software do not handle CRL at all. >> - As a maintainer of a package that have generated certificates using >> OpenSSL, how should we handle the issue? >> >> For the last question, I see several solutions: >> - the user has to read the DSA and handle it himself > > Since some keys are generated automatically, (e.g. ssh host keys) users will > have to regenerate keys,they haven't generated in the first place and might > not be aware of their existens. > That's bad.
Unless I'm gravely mistaken, SSH keys aren't affected by this vulnerability. OpenSSH and OpenSSL are separate, and your ssh program generated its own keys. -Corey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
