On Tue, Dec 21, 1999 at 05:05:54PM -0500, Thor Lancelot Simon wrote:
> That said, I don't think it's a foregone conclusion that because
> the OpenSSL people said that their code is safe from the RSAREF hole,
> which it may well be *if you use it for SSL*, some random program
> that uses libcrypto, which in turn uses RSAREF, is.  Be very, very
> careful when confronted with such claims.

What was said on Bugtraq was that OpenSSH *is* legal in the United
States, is *not* vulnerable to the RSAREF2 bugs, and *is* being
distributed as an integral part of OpenBSD 2.6.

To say more than that, I'd have to go reread a few email messages that
exams have knocked to the cobwebby rear portions of my mind.

I thought I was pretty clear that I spoke from my own (apparently mis-)
understandings of what I'd read and (apparently imperfectly) remembered.

Sorry for the confusion... all I really wanted from the beginning was
a NetBSD port for OpenSSH (... and I'd still like to know who to get
in touch with about that). :^>

       ~ g r @ eclipsed.net