Short update: I was just told that a similar problem actually occurred with TPO infrastructure back in February:
https://lists.torproject.org/pipermail/tor-project/2019-February/002194.html
The affected key, at that time, was the deb.torproject.org signing key, which was signed by a key with a large UID. It's a different attack, but that can be mitigated in similar ways. The good key is still available here:
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88...
... where signatures are also provided so that you do not have to use the key from the keyservers. The key is also available on keys.openpgp.org.
A.