[conspire] Fwd: Offering GPG/PGP Workshop at CABAL

Rick Moen rick at linuxmafia.com
Tue May 13 21:12:00 PDT 2008

Quoting David Fox (dfox94085 at gmail.com):

>  Followup:
>  This might be a good time because there's a security vulnerability in
>  Debian's openssl, may be a good idea to regenerate keys.
>  http://www.net-security.org/advisory.php?id=8882
>  And after reading Rick's writeup on gpg I jumped the gun a bit. I
>  noticed that my keys were last generated back in 2005 and have not
>  used them hardly at all.
>  But my email address changed, and that's one reason to change the key.
>  But I couldn't revoke, because I couldn't remember the passphrase I
>  used 3 years ago!


1.  The security advisory doesn't cover GnuPG or PGP, since those
programs don't in any way use OpenSSL-generated keys.

2.  If it _had_ used OpenSSL-generated keys, you'd still be OK with keys
generated in 2005, because the affected OpenSSL versions came out
starting in September 2006.

More information about the conspire mailing list