[tor-dev] Implications of openssl bug on directory authorities

Nick Mathewson nickm at alum.mit.edu
Mon Apr 14 19:02:39 UTC 2014

On Wed, Apr 9, 2014 at 8:36 AM, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Wed, Apr 9, 2014 at 5:49 AM, Roger Dingledine <arma at mit.edu> wrote:
>  [...]
>> Anybody have a plan 3?
> Update the client and server code to explicitly blacklist the old
> signing keys, and design a better key revocation mechanism for the
> next time, in case there is a next time?

I've got a draft patch for this up at
https://trac.torproject.org/projects/tor/ticket/11464 , but I need a
list of bad authority signing keys and/or certs.  Who can get me that?


More information about the tor-dev mailing list