Dear IGTF relying parties,
The OpenSSL Security Team released an advisory [1] on January 7th, regarding incorrect checks for malformed signatures when DSA or ECDSA keys are used. The IGTF Risk Assessment Team (RAT) [2] would like to inform you that NONE of the IGTF-accredited certification authorities use such keys to sign any certificate.
This means that this vulnerability does not constitute any risk to relying parties when they authenticate a server presenting a certificate issued by an IGTF-accredited CA.
None of the CAs accredited by the IGTF issue, or have issued in the past, certificates using signature algorithms other than RSA.
On behalf of the IGTF/IGTF RAT
Sincerely,
Jim Basney, David Groep, Vinod Rebello, Willy Weisz
[1] http://www.openssl.org/news/secadv_20090107.txt
[2] http://tagpma.es.net/wiki/bin/view/IGTF-RAT