In some further off-list discussions with Love and Russ, it was pointed out that there is some risk after all in the DH key generation. Russ will be sending an update to the Debian security folks to post. Ken