[tor-dev] Implications of openssl bug on directory authorities
Nick Mathewson
nickm at alum.mit.edu
Mon Apr 14 19:02:39 UTC 2014
On Wed, Apr 9, 2014 at 8:36 AM, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine <arma at mit.edu> wrote:
> [...]
>> Anybody have a plan 3?
>
> Update the client and server code to explicitly blacklist the old
> signing keys, and design a better key revocation mechanism for the
> next time, in case there is a next time?
I've got a draft patch for this up at
https://trac.torproject.org/projects/tor/ticket/11464 , but I need a
list of bad authority signing keys and/or certs. Who can get me that?
cheers,
--
Nick
More information about the tor-dev
mailing list