On Wed, Apr 9, 2014 at 8:36 AM, Nick Mathewson ni...@alum.mit.edu wrote:
On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine a...@mit.edu wrote:
[...]
Anybody have a plan 3?
Update the client and server code to explicitly blacklist the old
signing keys, and design a better key revocation
On Mon, Apr 14, 2014 at 03:02:39PM -0400, Nick Mathewson wrote:
I've got a draft patch for this up at
https://trac.torproject.org/projects/tor/ticket/11464 , but I need a
list of bad authority signing keys and/or certs. Who can get me that?
Part one: Facts as I understand them
There are 9 directory authorities, and clients only believe a consensus
networkstatus if it's signed by a majority (5) of them.
Two (moria1 and urras) of the directory authorities were unaffected by
the openssl bug, and
On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine a...@mit.edu wrote:
[...]
Anybody have a plan 3?
Update the client and server code to explicitly blacklist the old
signing keys, and design a better key revocation mechanism for the
next time, in case there is a next time?
--
Nick