[tor-project] PSA: flood attack against OpenPGP certificates underway

Antoine Beaupré anarcat at torproject.org
Fri Jun 28 19:44:18 UTC 2019

Short update: I was just told that a similar problem has actually
occurred with TPO infrastructure, back in February:


The affected key, at that time, was the deb.torproject.org signing key,
which was signed by a key with a large UID. It's a different attack, but
that can be mitigated in similar ways. The good key is still available here:


... where signatures are also provided so that you do not have to use
the key from the keyservers. The key is also available on

Antoine Beaupré
torproject.org system administration
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190628/6d628962/attachment.sig>

More information about the tor-project mailing list