Re: Debian OpenSSL desaster (was: Patch: new random pseudodevice)

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

> [I tried to send this as private mail, but get

> host Sparkle-4.Rodents-Montreal.ORG[216.46.5.7] refused to talk to me:
> 550-.de's whois server, whois.denic.de, is completely broken, [...]

I wrote up a point-by-point reply to this, but then realized, this is
tech-kern, not tech-broken-network-governance.  So I'll confine myself
to saying my respnse is at
{ftp,http}://ftp.rodents-montreal.org/mouse/ccTLD-thoughts.txt for
anyone interested.  (Actually, will be at; as I send this mail, I'm
still writing it - the draft is available at
.../ccTLD-thoughts-draft.txt and I'll move it when I'm done.)

As for the content...

>> I don't recall full details, but I think it was a Linux distro
> It was the Debian OpenSSL desaster.  In essence, they patched
> OpenSSL's entropy gathering to the point where the PID was the only
> entropy source being used.

Ah.  Yeah, that'll do it.  Thanks for the correction; I'm not surprised
I got some of the details wrong - but the actual incident works just as
well for the argument I was making with it.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B