[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-project] PSA: flood attack against OpenPGP certificates underway

To: tor-project@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-project] PSA: flood attack against OpenPGP certificates underway
From: Antoine Beaupré <anarcat@xxxxxxxxxxxxxx>
Date: Fri, 28 Jun 2019 15:44:18 -0400
In-reply-to: <87woh5jz8b.fsf@curie.anarc.at>
List-id: "Moderated discussion list for tor contributors." <tor-project.lists.torproject.org>
Organization: Tor
References: <87woh5jz8b.fsf@curie.anarc.at>
Reply-to: tor-project@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-project" <tor-project-bounces@xxxxxxxxxxxxxxxxxxxx>

Short update: I was just told that a similar problem has actually
occurred with TPO infrastructure, back in February:

https://lists.torproject.org/pipermail/tor-project/2019-February/002194.html

The affected key, at that time, was the deb.torproject.org signing key,
which was signed by a key with a large UID. It's a different attack, but
that can be mitigated in similar ways. The good key is still available here:

https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

... where signatures are also provided so that you do not have to use
the key from the keyservers. The key is also available on
keys.openpgp.org.

A.
-- 
Antoine Beaupré
torproject.org system administration

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-project mailing list
tor-project@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

References:
- [tor-project] PSA: flood attack against OpenPGP certificates underway
  - From: Antoine Beaupré

Prev by Author: [tor-project] minutes from the tor sysadmin meeting
Next by Author: [tor-project] PSA: flood attack against OpenPGP certificates underway
Previous by thread: [tor-project] PSA: flood attack against OpenPGP certificates underway
Index(es):
- Author
- Thread