[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Salz, Rich rsalz at akamai.com
Fri Sep 30 21:07:27 EDT 2016


> Does it matter who created the keys if openssl accepts them?

Okay, great, you found a bug in OpenSSL in that it accepts invalid keys created by an external program.

Look forward to your PR to fix it.  I mean really, let's have some perspective.  A bug in DSA key validation is really not a big deal.


More information about the cryptography mailing list