[tor-relays] Rejecting 380 vulnerable guard/exit keys
Martin Kepplinger
martink at posteo.de
Wed Apr 16 07:35:22 UTC 2014
Am 16.04.2014 06:42 schrieb Roger Dingledine:
> Hi folks,
>
> I'm attaching the list of relay identity fingerprints that I'm
> rejecting on moria1 as of yesterday.
>
> I got the list from Sina's scanner:
> https://encrypted.redteam.net/bleeding_edges/
>
> I thought for a while about taking away their Valid flag rather
> than rejecting them outright, but this way they'll get notices
> in their logs.
>
> I also thought for a while about trying to keep my list of
> fingerprints
> up-to-date (i.e. removing the !reject line once they've upgraded their
> openssl), but on the other hand, if they were still vulnerable as of
> yesterday, I really don't want this identity key on the Tor network
> even
> after they've upgraded their openssl.
>
> If the other directory authority operators follow suit, we'll lose
> about
> 12% of the exit capacity and 12% of the guard capacity.
How is that going to be decided?
>
> I/we should add to this list as we discover other relays that come
> online with vulnerable openssl versions.
>
> Also these are just the relays with Guard and/or Exit flags, so we
> should
> add the other 1000+ at some point soon.
>
> --Roger
>
Thanks for your work!
More information about the tor-relays
mailing list