Implications of Debian OpenSSL flaw for MIT PKINIT

Russ Allbery rra at
Thu May 15 12:00:41 EDT 2008

Ken Raeburn <raeburn at MIT.EDU> writes:
> On May 15, 2008, at 10:34, Russ Allbery wrote:

>> Based on that understanding, it looks to me like MIT Kerberos is not in
>> itself affected.  Long-term key pairs used with PKINIT may be affected
>> if generated on an affected Debian system, but such generation is
>> external to MIT Kerberos.

>> Can you confirm whether my understanding is correct?

> I believe it is correct, yes.

Thanks, Ken!

Russ Allbery (rra at             <>

More information about the krbdev mailing list