On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine <arma at mit.edu> wrote: [...] > Anybody have a plan 3? Update the client and server code to explicitly blacklist the old signing keys, and design a better key revocation mechanism for the next time, in case there is a next time? -- Nick