staticsafe <[email protected]> wrote:
> On 2014-04-07 17:53, Edwin Chu wrote:
>>
>> Hi
>>
>> A latest story for OpenSSL
>>
>> http://heartbleed.com/
>>
>> ed
>
> Already patched in Debian.
>
> DSA 2896-1.

OK, but if you have the patches, should you still assume all your keys may have been compromised and therefore replace them all? Should a careful user assume any server that does not replace keys approximately now is untrustworthy? How do those interact with key pinning? Or use of SSL to reach a TOR server? Or other things?

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
