[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?
Salz, Rich
rsalz at akamai.com
Fri Sep 30 21:07:27 EDT 2016
> Does it matter who created the keys if openssl accepts them?
Okay, great, you found a bug in OpenSSL in that it accepts invalid keys created by an external program.
Look forward to your PR to fix it. I mean really, let's have some perspective. A bug in DSA key validation is really not a big deal.
More information about the cryptography
mailing list