[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Long-term effect of Heartbleed on Tor

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Long-term effect of Heartbleed on Tor
From: Tom van der Woerdt <info@xxxxxxx>
Date: Wed, 09 Apr 2014 19:47:24 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Apr 2014 14:12:29 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

What's the long-term effect of Heartbleed on Tor?

* Should we consider every key that was created before Tuesday a bad keyand lower their consensus weight?* Should authorities scan for bad OpenSSL versions and force theirweight down to 20?

A lot of relays will continue running bad OpenSSL versions whichseriously hurts the security of Tor. A month from now theNSA/CGHQ/CIVD/etc may know the private keys of a large chunk of theserelays and possibly be able to decode a big chunk of traffic...


Tom
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Long-term effect of Heartbleed on Tor
  - From: Paul Pearce

Prev by Author: Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Next by Author: Re: [tor-relays] Long-term effect of Heartbleed on Tor
Previous by thread: Re: [tor-relays] any action required for AWS cloud relays?
Next by thread: Re: [tor-relays] Long-term effect of Heartbleed on Tor
Index(es):
- Author
- Thread