Re: ssl problems: gpg affected?
* Michal Čihař: > GnuPG does not use OpenSSL, so it should be safe. But generally it > could be possible to use same key for both GnuPG and OpenSSL and then > you would have a problem. There is no benefit from doing that, so this is highly unlikely. It requires manual key conversion, too. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ssl problems: gpg affected?
On Thu, 15 May 2008 08:09:02 +0200 Norbert Preining <[EMAIL PROTECTED]> wrote: > On Do, 15 Mai 2008, Steinar H. Gunderson wrote: > > No. Any key who had a single DSA signature created by the flawed version of > > OpenSSL should be considered compromised. DSA requires a secret, random > > Does this extend to gpg keys and its signatures? That would make quite > an impact. GnuPG does not use OpenSSL, so it should be safe. But generally it could be possible to use same key for both GnuPG and OpenSSL and then you would have a problem. -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: ssl problems: gpg affected?
On Thu, 2008-05-15 at 08:09 +0200, Norbert Preining wrote: > On Do, 15 Mai 2008, Steinar H. Gunderson wrote: > > No. Any key who had a single DSA signature created by the flawed version of > > OpenSSL should be considered compromised. DSA requires a secret, random > > Does this extend to gpg keys and its signatures? That would make quite > an impact. The DSA said no. kk > > Best wishes > > -- Karl Goetz <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part