[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Rejecting 380 vulnerable guard/exit keys

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Rejecting 380 vulnerable guard/exit keys
From: Martin Kepplinger <martink@xxxxxxxxx>
Date: Wed, 16 Apr 2014 09:35:22 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 Apr 2014 03:35:48 -0400
In-reply-to: <20140416044254.GR6713@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20140416044254.GR6713@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Posteo Webmail

Am 16.04.2014 06:42 schrieb Roger Dingledine:

Hi folks,

I'm attaching the list of relay identity fingerprints that I'm
rejecting on moria1 as of yesterday.

I got the list from Sina's scanner:
https://encrypted.redteam.net/bleeding_edges/

I thought for a while about taking away their Valid flag rather
than rejecting them outright, but this way they'll get notices
in their logs.

I also thought for a while about trying to keep my list offingerprints

up-to-date (i.e. removing the !reject line once they've upgraded their
openssl), but on the other hand, if they were still vulnerable as of

yesterday, I really don't want this identity key on the Tor networkeven

after they've upgraded their openssl.

If the other directory authority operators follow suit, we'll loseabout

12% of the exit capacity and 12% of the guard capacity.


How is that going to be decided?


I/we should add to this list as we discover other relays that come
online with vulnerable openssl versions.

Also these are just the relays with Guard and/or Exit flags, so weshould

add the other 1000+ at some point soon.

--Roger


Thanks for your work!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Rejecting 380 vulnerable guard/exit keys
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] Relay down, "rejected", help
Next by Author: [tor-relays] No Bridges Being Returned by Onionoo
Previous by thread: [tor-relays] Rejecting 380 vulnerable guard/exit keys
Next by thread: Re: [tor-relays] Rejecting 380 vulnerable guard/exit keys
Index(es):
- Author
- Thread