Implications of Debian OpenSSL flaw for MIT PKINIT

[Ken Raeburn]

On May 15, 2008, at 10:34, Russ Allbery wrote:
> Based on that understanding, it looks to me like MIT Kerberos is not  
> in
> itself affected.  Long-term key pairs used with PKINIT may be  
> affected if
> generated on an affected Debian system, but such generation is  
> external to
> MIT Kerberos.
>
> Can you confirm whether my understanding is correct?

I believe it is correct, yes.

-- 
Ken Raeburn, Senior Programmer
MIT Kerberos Consortium