[tor-project] PSA: flood attack against OpenPGP certificates underway
Antoine Beaupré
anarcat at torproject.org
Fri Jun 28 19:44:18 UTC 2019
Short update: I was just told that a similar problem has actually
occurred with TPO infrastructure, back in February:
https://lists.torproject.org/pipermail/tor-project/2019-February/002194.html
The affected key, at that time, was the deb.torproject.org signing key,
which was signed by a key with a large UID. It's a different attack, but
that can be mitigated in similar ways. The good key is still available here:
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
... where signatures are also provided so that you do not have to use
the key from the keyservers. The key is also available on
keys.openpgp.org.
A.
--
Antoine Beaupré
torproject.org system administration
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190628/6d628962/attachment.sig>
More information about the tor-project
mailing list