[tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

Roger Dingledine arma at mit.edu
Tue Apr 8 20:34:39 UTC 2014


On Tue, Apr 08, 2014 at 04:35:39PM +0100, mick wrote:
> Moritz Bartl <moritz at torservers.net> allegedly wrote:
> > Yes. You made it generate new keys, so it is a "new relay" as far as
> > Tor is concerned. This is why not everybody should generate new keys
> > immediately, especially larger relays. But don't worry too much,
> > you'll get your flags back eventually. :)
> 
> But Roger's blog post makes no mention of the advisability (or
> otherwise) of a mass re-generation of keys. All it says is that best
> practice states this would be a good idea.

The first iteration of my blog post said something like "if you run many
fast and stable relays, consider spreading out your relay identity key
replacement over the next week so we don't unbalance the network."

But I removed that sentence a little while later, when it became clear
that nobody knows for sure but quite possibly an attacker could have
extracted key material from vulnerable relays. If that actually happened,
I think we probably want new identity keys asap, *especially* from the
big relays, and we'll be happier tolerating a couple of bumpy days while
the network recovers.

Fun times,
--Roger


