-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sunday 30 November 2003 12:13 pm, Melissa Reese wrote: > Hi Charlie, > <snip> > It should, however, be noted that only the *non-default* type of > ElGamal signing keys are affected by the vulnerability. If someone > created only the standard DH/DSS type key pair, there's no need to > revoke their keys and create new ones.
I agree with what you've stated here Melissa; partly because I finally found time to read that and all the other security information that's been piling up around here for two weeks, but mostly 'cause it's accurate. Oh well, no harm no foul that I revoked an old set of keys I suppose, since they were only signed back in September any way. The new set has a year to run so people can pick on me for a long time. <g> > People should read carefully the announcement of the vulnerability, > and only revoke those keys that are truly vulnerable...if they have > any of that type (a minority of GnuPG users). > > Here's the advisory: > > http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html Thanks for the reminder that "skimming" important messages isn't always the best thing to do. I plead lack of time, lack of sleep, lack of sanity, and I "take the fifth." Make that a quart. (-; If I pass out I can't run myself quite so ragged. Regards; Charlie - -- Edmonton,AB,Canada User 244963 at http://counter.li.org Mandrake Linux release 9.2 (FiveStar) for i586 kernel 2.4.22-21mdk 20:34:30 up 3 days, 5:05, 1 user, load average: 0.12, 0.26, 0.33 A real friend isn't someone you use once and then throw away. A real friend is someone you can use over and over again. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/yriLZqvqlrLPr5YRAnUSAJ9wQaRkF4GTgllsbJ0SmMWi/ucc1QCgrePL 8Iy/KSfJmCGVSH2rvuyktFk= =/wsp -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
