A CA who isn't communicating what they have done to address this issue with their customers today needs to be in a different business as well.
On Wednesday, April 9, 2014, Nathan Ward <nznog@daork.net> wrote:
On 9/04/2014, at 2:47 pm, David Robinson <nznog@karit.geek.nz> wrote:
> Though should only regenerate when your CA has updated their side if
> they use openssl anywhere in their pipeline
I’m not sure that this is really true - The bug lets you read memory in a process that terminates an SSL connection.
If your CA has private key material for certificate signing certificates in a process that’s network addressable, then surely they should be in a different business, no?
Please correct me if I’m wrong, maybe I haven’t thought wide enough.
> And you also need to revoke your current SSL certificates so they
> can't be repurposed
>
> On 9 April 2014 13:05, Gerard Creamer <gerard@netspace.net.nz> wrote:
>>
>> That's what we did - patch then regenerate. Better safe than sorry.
>>
>>
>>
>> On 9/04/2014 11:47 a.m., Michael Sutton wrote:
>>
>> NZNOG members:
>>
>> My apologies but all attempts to send the text content of this PDF this
>> morning have been blackholed until I managed to send the contents to
>> InternetNZ PAG as a PDF which made it through filters which have been stopping
>> this content. I have had no problem sending other messages etc.
>>
>> Your comments would be appreciated as I see this as a major issue which may
>> require all certificates to be regenerated and then only used on patched
>> systems whose memory and priv keys cannot be read or copied by external parties.
>>
>> Sincerely
>> Michael S Sutton
>> Director - Awacs Communications (NZ) Limited
>> Transit Room
>> The Dominion Observatory
>> 34 Salamanca Road
>> Kelburn
>> Wellington
>> +64 21 305500
>> Twitter & Skype: Mikiwis
>> http://www.awacs.co.nz
>> https://www.google.co.nz/#q=michael+sutton+nokia+patent
>> http://www.linkedin.com/profile/view?id=16587996&trk=tab_pro
>>
>>
>>
>> _______________________________________________
>> NZNOG mailing list
>> NZNOG@list.waikato.ac.nz
>> http://list.waikato.ac.nz/mailman/listinfo/nznog
>>
>>
>> --
>> Netspace Services Limited
>> http://www.netspace.net.nz
>> Phone +64 4 917 8098
>> Mobile +64 21 246 2266
>> Level 4, 191 Thorndon Quay, Thorndon
>> PO Box 12-082, Thorndon, Wellington 6004, New Zealand
>>
>>