Implications of Debian OpenSSL flaw for MIT PKINIT

Ken Raeburn raeburn at MIT.EDU
Thu May 15 11:35:31 EDT 2008

On May 15, 2008, at 10:34, Russ Allbery wrote:
> Based on that understanding, it looks to me like MIT Kerberos is not  
> in
> itself affected.  Long-term key pairs used with PKINIT may be  
> affected if
> generated on an affected Debian system, but such generation is  
> external to
> MIT Kerberos.
> Can you confirm whether my understanding is correct?

I believe it is correct, yes.

Ken Raeburn, Senior Programmer
MIT Kerberos Consortium

More information about the krbdev mailing list