Clint Dilks wrote: > Hi People, > > I know this may seem off topic, but I thought for those of us who might > have Debian users generating key pairs that they put on CentOS systems > people should be aware that > > everybody who generated a public/private keypair or an SSL > cert request on Debian or Ubuntu from 2006 on is vulnerable > > http://it.slashdot.org/it/08/05/13/1533212.shtml > I've been following this story too after reading about it on SANS Internet Storm Center: http://isc.sans.org/diary.html?storyid=4414 I wonder how far reaching this is. One wonders if any of the trusted root CAs have issued vulnerable certs as a result.