-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear PowerDNS Authoritative Server users,
Summary: DNSSEC keys generated with 3.1-RC1, RC2 and SVN builds between february 14th and april 28th may be weak. Earlier this week the PolarSSL team released version 1.1.2 of their library. This is a security release; their advisory is at http://polarssl.org/trac/wiki/SecurityAdvisory201201 For PowerDNS, the issues in this advisory impact RSA key generation, which is the default for pdnssec secure-zone. PolarSSL 1.1.1 (which has the defects described in the advisory) was imported into PowerDNS SVN on february 14th, in revision 2396. This means that PowerDNS 3.0 was not using the affected version. We have confirmation from the PolarSSL team that the version of PolarSSL used in PowerDNS 3.0 is free of these issues. PowerDNS 3.1-RC1 and RC2, and any build from SVN between revision 2396 and 2585, are affected. If you have generated keys with any of these versions, we recommend replacing those keys. Make sure to replace your keys carefully (i.e. do a correct DNSSEC key rollover) to avoid making your domain invisible to validating resolvers. Please let us know if you require assistance, of have further questions. PolarSSL has been upgraded to 1.1.2 as of PowerDNS SVN revision 2586. Releases and release candidates *after* 3.1-RC2 will include PolarSSL 1.1.2 as well. Our apologies for the inconvenience. Kind regards, - -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJPm/ggAAoJENz1E/p+7Rnzf+QQALE7KaOpbDAtFGXk5fdncwgG imUlgPjTr7NAzeUpZRENj6EPzu6h7HTnyMMy9XFdqUt4TFFXG0Itl6tbsZBc/EIL NwUhjPZVP7tGnjo38bCQ7k+VVKBazpUKsoXkAdIzm9+8Cv1z+ydXJmOzZa7f/DBM 7qETWyOahW1iE1uivRDv1/8SnCRoTqm6sRAWyH/T/T0kFyiN6WYy7vI5rJ9aTgIQ qGEVtoVvYc+kj5vrV7ZiIpJJko5TAVV0jU5vm2RYR1cx3JAPT2GxrTatDsSw4Jel DxN3y7WezHtXBXBYOZ0x3qevLwA2DGeJNHEs8VOo7ZT2cEX7+jpMF3j8AJ91qTdG WXO+PPFvQXtdsin40G5kj/2oy4+HjcZamd/4SA+yQYU+S7hGescR9rqk6qod90lk CfRu+AZtAkSe8ABVNvVUAlcn29JAYw5/5zII4W0mIL86JFVallPG2RkKST2D0eML p8707iza1bMVRLAVC85QXRt3wA0aW0zM54j0LAF+aV2tB9LlJgd7XHWuBAkQxpmR LIS1BYAqWPE8qN1mmVJzhhZyEM49SHdbFrBTM8gp35TF4bu+bRYV/nB5tyChrueb 2jxNgdvl0f7EVb6T08n9usDzdTrsBQ/4w9bjb7xqe+ddgu4QPpNvUKOYkUm4h9Sp sep/ndTpl/c6XrnRZqeB =wCgA -----END PGP SIGNATURE----- _______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
