-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
the recently publicized SSL weak key generation for debian-based systems (c.f. http://www.debian.org/security/key-rollover/) has lead our university computing center to retract our Gentoo-generated SSL keys based on an advisory from the German DFN cert :-( I have not found any information about whether this might also affect Gentoo systems. A test with the Perl script from http://security.debian.org/project/extra/dowkd/dowkd.pl.gz does not show vulnerability: ~ summary: keys found: 2, weak keys: 0 So I guess that Gentoo-generated keys are not affected. Still it would be nice to have an official statement to prevent official certification bodies from retracting valid Gentoo-generated keys. Regards, Peter - -- Peter Schneider-Kamp mailto:[EMAIL PROTECTED] LuFG Informatik II http://verify.rwth-aachen.de/psk RWTH Aachen phone: +49 241 80-21211 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkguoJQACgkQ3VbrCXkKHhxQigCfSoeTKHLeq2nprKI5BuBgPJhg KtgAniEai4bE7HnTDKNsA/pnspdVZMFU =xywx -----END PGP SIGNATURE----- -- gentoo-security@lists.gentoo.org mailing list
