[tor-relays] Recommended reject lines for relays affected by Heartbleed

Roger Dingledine arma at mit.edu
Fri Apr 18 05:19:05 UTC 2014


On Thu, Apr 17, 2014 at 12:17:02AM -0400, Roger Dingledine wrote:
> Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours.
> 
> I've moved moria1 to reject the union of the two lists.

Four other directory authority operators have also blacklisted these keys,
and they've now been dropped from the network.

For comparison, we moved from 5421 Running relays earlier yesterday,
to 4354 Running relays now. Many of the affected relays were tiny,
but there sure were a lot of them.

In the future, when we catch our breath a bit more, I'll start logging
the rejected descriptors, and send another round of mail to everybody
who set their ContactInfo to let them know to dump their keys and upgrade.

Oh, and since it's going to confuse people, at the same time as this
change we also have been cutting relays running Tor 0.2.2.x out of
the network:
https://trac.torproject.org/projects/tor/ticket/11149
That's currently ~240 relays, but again they're mostly quite small.
https://metrics.torproject.org/network.html#versions

--Roger



More information about the tor-relays mailing list