On Thu, May 15, 2008 at 2:19 PM, Daniel de Kok <me at danieldk.org> wrote: > Yes, it is very important to follow up on this issue as soon as you > can (now) to see if any of your keys or those of your users are > affected. Additionally, it should be noted that in the case of *DSA* > keys, this can even affect users who do have good keys but used them > to communicate with a Debian server with the botched OpenSSL. Jikes, rereading this, this does not seem accurate at all. Let me just quote the advisory: "Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation." Take care, Daniel