After reading the announcement on blocking RSA key sizes because one can’t be sure if they were made with the old buggy OpenSSL from Debian, it got me curious on something that I couldn’t readily find an answer to in my web searching:
Is it possible for somebody to make an ECDSA private key with the buggy OpenSSL version? I know that ECDSA wasn’t nearly as popular in 2008 (and I don’t know if it existed in any version of OpenSSL from that era), but my (limited) understanding of the bug was that it affected all random number generation from it. So I thought it wouldn’t hurt to ask, and worst case I’d just look as silly as if I asked why NASA didn’t use the Space Shuttle to help save the astronauts on Apollo 13.
(And also, I assume the new key block applies to account keys as well as to leaf certificates? Again, I assume it doesn’t really matter for most users, but I don’t know if account keys currently allow for one of the less-standard sizes.)