Re: [tor-dev] Implications of openssl bug on directory authorities

On Wed, Apr 9, 2014 at 8:36 AM, Nick Mathewson nickm@alum.mit.edu wrote:

On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine arma@mit.edu wrote: [...]

...

Anybody have a plan 3?

Update the client and server code to explicitly blacklist the old signing keys, and design a better key revocation mechanism for the next time, in case there is a next time?

I've got a draft patch for this up at https://trac.torproject.org/projects/tor/ticket/11464 , but I need a list of bad authority signing keys and/or certs. Who can get me that?

cheers,