On Wed, May 14, 2008 at 6:08 AM, River Tarnell river@wikimedia.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Carl F?rstenberg:
but surely, can't all the keys people are using for logging in been compromized?
i'm not sure what you're asking here. as far as i understand the problem, using an SSH key to log into an affected server does not compromise the key. (if it did, that would be very bad, because the point of asymmetric cryptography is that the other end doesn't know your private key.)
the key _is_ affected if you copy the private part of the key to an affected server and use it there.
But the keys that some people use to log in may be compromised, if they were created on a vulnerable OpenSSL version not on the toolserver. Given that Brion disabled some people's commit keys, I take it that it's possible to tell whether a key is compromised just by examining the public key. Do you plan to do that, or allow people with compromised keys to continue to log in? Or is that a false dilemma?