Frank Hecker:
I presume that by affected root certificates you mean root
certificates with key pairs generated using OpenSSL on Debian-based
systems, correct? The only CA I can think of that would possibly be in
this situation is CAcert, and of course it's not even applying for
inclusion at
Eddy Nigg (StartCom Ltd.) wrote:
Therefore I think it's wrong to categorically deny OpenSSL as a useless
piece of code not worthy to be used by CAs - just because some code-hero
(or script-kiddy) had it wrong. That's certainly not the case!
You're right, my comment was a bit snarky in a way I
2008/5/17 Eddy Nigg (StartCom Ltd.) [EMAIL PROTECTED]:
Frank Hecker:
P.S. Since we're talking about hackable CA software, I'll also mention
the Dogtag project out of Red Hat, the open source version of the
commercial Red Hat Certificate System.
Which is based on the former Netscape
David E. Ross wrote:
See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166. Discussion of
this at the Risks Forum 25.15 indicates that All SSL and SSH keys
generated on Debian-based systems (Ubuntu, Kubuntu, etc) between
September 2006 and May 13th, 2008 may be affected. See Debian
OpenSSL