[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] CVE-2020-8516 Hidden Service deanonymization
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] CVE-2020-8516 Hidden Service deanonymization
- From: Mike Perry <mikeperry@xxxxxxxxxxxxxx>
- Date: Thu, 6 Feb 2020 11:20:11 -0600
- Autocrypt: addr=mikeperry@xxxxxxxxxxxxxx; keydata= mQQNBFIvu6sBIADC1JsxXSWd1k+cHamS0L5/dfcGQ3AaVbTAM+82JEO5drL3E5xD9nO2KujN IRqYClCt395S9zIZuMPTo+r5UtKQhP3g+ZxxTuZeYu0pH/7iewyE477oQzkPp04rwmMpmPxv gov9jVmtshoVu1ae+IgIr0AvcIApIcUy7q4+yT9TJwVrvF/YxJ+rUIVIZc2MkisxmSaE4q45 w0kUYxnCW0FUiO7T6G1cfRhTnLv0NipfOnpKnqm1PEwZKru7JiopuSPK1gRpdsOzGSVk8OFm uojFkl4rymA1T+HOEEA7xyD8ZDpuedGtu0JM3GFS29/4f6qoEBTQNV2OaSKB89a4KI+BFwVe 9XuLEqaeYUd2RPnQhanTWPO0s3+K5ccn2TnV8HBEGKJgU7EKuWy++k2Svspt2oAqPip6GKrh P66i40p1mcKjcVywVB7NmyR1pse/yKInzmuuuD6csFbOnPCUYVwPyyjEC5IpqZe5hPszPL1X XUwipxk/pDyDI5KzKYJxR+wuPTY9YV3tHWE9FyZDHFYOHgpQVDxlyiBxDVUHeI6hu39WzUN3 yYAssaRz9GaqQEjp0iN++X2BMmmgjkBrHSHpN7mbjtf84hMilQ7McWOeQKudedE1/z65TheU tiYS60Ybq4FIv9FOrHJt/pzHPzuv7jcdOlsLl6SbWkwwS1y+GmMRpND58ZeJMTStHcZhWxxu 9DC4fNsTEPHO44yxaIdJYkasawcf87gPSYrqeUJP/1xJDwdzzPY6wbfXQJg7w5j8qlQ7lomR uU384szOvjaN9QIboR6zvxPVZcGcUX40BVQOlglHqBIchVQQ2vROs2wkvV9qSfnauBKf8dM/ LKUgQvoNCSHqkmS+siOij19moclsvH7xRgfft3WhMapygCBNFNLRqw5iXJwlWQZ4mvwbro3K WelWzm5FqQdCfP2fMA5n53bCcOS308KllDAFK/Ljnm938PEyh4rNA9eyEazCA9WCuE+zEeIM gQPr1K/lFgGldftL7oWAtfCae+jYWyXS+1zAxEQ3QGqHLmUDYumzc30paHaGeapldkcySOc9 SLWDdpvH0V91vU17WeytQD9pGBUNURc+/v1ZNG7fRm+Ulp6K0i/eh/3rKWybx8aanu3YvcNP Uyom/CA5gBmzIATlhD8vpc95YQpV+Jv4TN4crD0EIUZDzzv1Eg5Pix8qk4R4jZ81oVvvqlOA FYq96SyPWGUL5mAMrGD+RSmzLpTNH8LUEIQ7RosFQjcHNFzF6sPuG7HR03R/aNdexFqfjsK/ qntSk+vL0jtu++lp18U6UFxbHQVr32vxFybNJwAZCmK8K+Ur2kezKkWqcQrV9jXNA4IAz+H+ KPRi2+T3Jss5ABEBAAG0N01pa2UgUGVycnkgKFJlZ3VsYXIgdXNlIGtleSkgPG1pa2VwZXJy eUB0b3Jwcm9qZWN0Lm9yZz6JBDgEEwECACIFAlIvu6sCGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAAoJECmEazxoNobMCM8f/iLOQEZk362/aUixdi/BBli1dTNjzQBU61lt4xo2U9UO CiR5o3tcON4eLboUNt/H9VNFGgc3udwtG8fI3LcI+OhCPobVVbsZQO44cN8+FOx0w1iD4DOv Vhrlpar+kIO5KOpf+zo6nkfd6WxaZQXziqTVWEeQbfvmBnlLx+ea3C9xPWOVVbesYFVnRSLD WLgIo3HGhXjQBJ4dGvJULbBdQueEfZpSG7pscFITd3QX9Wk3N27CoYt66eM2YCl5vN094p7f Sn+2w0SZXYte/rqcklvSE7uH7h0K2eqdg+uwYkkq7bLXEamgbcrVZwsFNLH6zgVZtzkJJikm qSPwHq88cgclXWne+MdAjEATa5YKPfjnX83dgJZo1N2fgtqRf6ieLnhWGPdaHPENDnU2ADhG QKADXqM4h1HiY3giS66eVzYFUN0yOrL7rp8d0ePzxZLUIxJN/fdIGEIEjuWciW4i8VLlIQDU GEDs6ULYhSmc86bd3eVSpEEi562f6knj/TZelcxu3C+CHTee/961iaefd5c+Mp5bIt+VAC5Y HyZ29MUX8GXfiQdbtuJGOrrBT/V99SvyG2Rq8I+6v0oE7MeU7QBU3LzWsZfZvQ3APOFth0d4 fLqU9H/TQAt+8lK2xcHynz7I6JW8xi6iLvA+sftb7vdO0WGOaFbHfPeL7ErlVMMF8W5ed5gT BimRm0PxV19Rq56y6v8B6DoGg9u34JetQ2odUiAy2/ttqfGohYdGSzBuP5VamF25tBeTYChL gW6L6utARQtmf8Q2ONdyPzNStrv6rVj2bMwtuPurBIx727LPgaUO6ZUMo7lC59bvR2pn4vEv x2aXdqjL3dfNs5UJ1UEvx0PNELFHZ5bStpMt3fGgh8ZDgcUrzsY9ine60qR/ujCLLMrD8RmZ ezT4/v0CkF0RJ1hEW4jjCaOT/an4dVxnqIPoNc9g/msTmYHEQusGrrVx7cmjy5ph/HJe83tq hv3TUj2UYwIllKpgTP0azu9xIvVH3qAWgnHdonSJCQi5GjPN3h0Xfk/9+nywP4R1YIuMehmZ o0RQk96aPhds2C14bBykh4gtbuVewuj6GlciAtO7VZr/ZKeAaO5gph7XVC+4jxhdsTOSYDi+ uMuZ48NmkZQRTIA82O3GagTa3WYuu4JPPmSn4C6zAZMLnpXL6gLGDIQ/HlJht/X/+ZduFB3U mfnQEeqo0Y2kxgqvpX9p4oMHKw5nkOb+T1r/f5ulGX0u2z2pPobQLas6F13wRKvg78cjbVES 7BrREwl+egljA2xEh0NYjR8y8U4bpZrseisbsju3FiaVXW/YxEVaXFdIqA9chkYBn4hNmyup hfdiSwmfhxuCFeOstFwTB0Kp2AG5Ag0EXEe6fgEQAKrVAiP+shXz6sco7hR7Vc8JmqzrovjO u9A2/q1Yr7VJy8l1gNuJJ+EcpA6cKzxMnKxjFvpX3x0bov12YSm1ZpZxLTUS1YaeZLLesFFV Aj7ziXdzcQI6GyaNScDv73QyXa196CptQp+6WKK1aZVW4lU9mhhDcdduCG2hE2bmzDWdW25t 30WoCG5iO4w/Hxrw/T3ZQxgVBN1TDoHCzHUTJUh03kLg8KJn7IZjpS/KZlesZLUkh1RI8AHU DP40gKGk2X13H9agzJxtUTG7dU5TsmPaU7PJnSG37cjYjAyRHOrclz+pWmdofUA7lPqgRBYL NCk/K7dOcinzUC0AHLp9fsMvL2MhQ/rb/9XTK4I/H92z6C/6rzw5Sg7klsdgUhOJZENwV10I XKyQivU4KbgGfJBVQtjBRrzkgNqdNSLjmNcWrBSOQF83Q5fJsljyv/iEYrO5EvLi6+vdZ19a uToh2ZPRnKpvqbLnty+a1MdRdGTcZCfg2yddXz+h4vUTXQ06Ao/g4CU8akTPgjuS4rhgJaVT +6LDWxZT7uWhzgkEq4S7PCJEOlqYAPA0MMAdmZpCs9kTMSsLZDKa+3k3akHAtS1hcwSVsBjH Rox9WEEQZUm2Zx2hoJvwOHwZDGAI8UzfjTU9FoZ2plN9Gv0RiGvgsOB6PFb3ntLdeasLof4C zGK7ABEBAAGJBnIEGAEIACYWIQTJY8IdY1ZOKxC7M1sphGs8aDaGzAUCXEe6fgIbAgUJA5mI gAJACRAphGs8aDaGzMF0IAQZAQgAHRYhBPQqJYRmijjH77zXwmYN3mRe7/FWBQJcR7p+AAoJ EGYN3mRe7/FWCEUP/jHi0SxdB2uRkXBqzYOBKo/EGF/PEX688jKRJ2H8aVopbzlSmKC55zR0 oQit6x6VdBnUYCFwoK+zjTrNwwfMrW2DjgzYUZS0D6RZuarKY908N+06dTrGpasMAfiJzQzs 7ZfhKzPdspNaR2qtz7yVrmPd5vFeVCF2/8lL0Ivi/m1JJULuIErCY7X8gV1GzMZMQv0OG9oS suk4/oR3sL/+e/nqpH4hHkuYtLLIcmLL5OqPUu2+pRIxYN/6KOMsM8uB0xgiMRPti+U3Jaoy TJXrSz+m32kbhYJ1MCD6nKrkAKfsVSnFAcFPHoa5v9e/I+lCHCjvrWa/Y3ay4UZaJfwOGvMI 90dX/yvECxO2pi9U2zICErTNxxTTHbkxu8sR7lR+NPPFsr+WO4snJ4/QVXgIMMROat72hkNM sRmkG41aqdTmTlA68YlAa2LaVxrcDXzpj8ySWKz6ZlGWHnMR1Ul6S0quoMKh2jCBGCrap7KK TuhjP+YXlj8IpQ0NZzw9gDzCzgqTdgImAFpQuCQYigY5tAT3eWSnD39aKMEEqQd/tdJI2pWw LYI6qKK8B8kpyjRfQWm2Q8GrBfskwlSUmG3mZThD6ad2rCIO8HGNPgP983MZPhdOf/9Kah2u ItURUwnp/4PZ64hAUiNR8NEqYo21GUwzfQQuE3WJNY7O7hN7DH4E0dIgAKTFNZxw1kMByMUH 6hASEFEY8TiZkIrcM1hF5yY50g0gspaORca/kXx8EisRAIyAjwI8UP+bxJxZbqyupjNxwkG0 +2vOV3RDdpx74J2zZHSkl4my2D8mIDPVZM7tb+L5vUaQ9H7RIMjNRQY130wyMqNmkZDVOX9q YEBQagXkcFLm7ieQk7GRurE5KIaq9STLOr9nJWBOxgGhV95O1TNqkvcmNaLTzSXMeQiGwnvX Bw33jO+sNHHSjmNZVcglGirDvoxXL3EcIAakJUaGn0vz15Xg1fLA0B6d7IgQoPDvE1Pr6mFh f/J/KZuvq6aaeMZ1xuB+cEem8XNSt1kfmakaLIvTXDJ3z+2KDrjj2koAyStRb4vdfoVelEu9 5VLWGLJKevIMWbmXD4GhGk80zzZe8ouu67URzU6vg3/ck7MN7OGfWruV1c/U8EoDxYxsRJX1 HmMqQg08Nz9zbCFvj7iTFDFCJgJKMbVkjm/Eto1IORWAoTfsXZtOyynk1JhGcm0OtnWf4VhX SscB3PiqUEHSsbvlqxZBPa6AqKLwLLSApg9xxBOn5TMPVIqrnXAdulTf1zhZnSrMHCioJvgH lnQyemVMyjIKkODDXTIwD8SmzfurDmYuRT1XRelEEUWY79L8+5u4R0dCMB7yEU+s10aU8xb9 0IM0qxEczW0uvE1Lhx0POOAsQ3YsCkbSgLIIhqnsLYCeuFN/r3yGiP/m/s0sTJ54P1nmi62k Y2665hexM1xm4ngjo0KxpxJ6fP4w1YmaJdUt3aR/oompTcn4TMzcvJH6jCWaXsl0n/8q3AZQ 5C6CD3i41gioLWk+gNNrtqOai1cCbq1Jz7V3SYCpjLMAXag/iVndNJ0HZrGNrBvGz6L2CQdc Ql+Mnx85MmzOyJTygw6J4IvXtQIEY5w7OhrKqx3iVR0dD3N7DMbAy3nq+kBLM+CYoEWBQ6Rb UNVZi0ROl4gn8S0Fj5WRGqmfVvlTzkm6OsnoZ/2Ckas2geBNOqFY3SXKFUfnDRUkI/X7yxrQ yakAIzZ3AW0Ul44FYIBrxSPrzsxz6n2uY2Y6aytcO0KmPMQtRhVGPl+L8jKoaLkzV1TLDHVf GimcRS3gTfI1tqn1T5+tjG4MQK8KW5Tx+v/TXIe7jy1G0SyxGx5IYWRt+AuxOy/atH4y/01h 7gQWTeIjMYMMgbdYjOweUYYqdCeK46dra3Wnyy6ToVnvhRty/ln8sYM9ig6CRcXqNNzGd/hf cccClLw4CBe7WX+dEn+V3ZPuu7P8Rp39AYJd8o1fVFG2OHBKTSuPOYNz7iKtH+Y+i/1A1Vml kmO8+qHTFGH4LY8Jzp4qJnxKVTBhb34R2OEoJecp5GfHIT3Dtcu/dBW5Ag0EXEe7EwEQAMod q+H9wWcEjKkwd8KhyWoxJYwLOR0SKWLemSOtRhsEuQwi3pv9UoJBwGBKpdV9UYUvAyFf0vg4 tBI52LPsStrgmci57YuIf+SykL4BaW+mrvz8MSNsMNsuB85cCXPeHZuEZ/Zt59eLi96qXOiw RsuA5tCg/A4ldcuFQ5G0FXcV7AGALVjdsP7VkgUcgHKlqPrTP30N0QbYOWnkPUtmVZVJ5NPW DfOanVJBz8z9KOJ+vHkurG80XPJbL2fXSRrzG7VDJXX7s0dl/0aviC1WYRJpZ3FV9uK8TJiR Fl3cC2x69g9OsUcHE9AQhKhCtpNdTm9De+HUr4hM9O5PAhLA4XV/FPoOb9huMiSk0CLPXPnP vL4f7RoSZOhRVshO8jpZwUH2SaRntqVYffFbGLPyNpYdh1uFouvfEKZhMjeLq5BiATA2CARX UjVVhB24kQ0peWE/kP9JFcoA9YHn6HZUHYlhpHEWPb6dwCzs2VbQEdbMs2Wd3+VlAz3zt83C 3WDha1BrffCbquUHlh8l37gpCoFOMXLrL7+I87rbm8MJQ4KuVGN5J6sTYF25UqSVrU43HbsB p13xoYcYEhIskDVDYgipXEXwVq9AQUDhncZhl5KxQpD0Fw+MV6GASk/fVYq2BENGgXzpUN0e 5j7+EHhsI+Y+RdIU2hfvH65mm/HOQziZABEBAAGJBDwEGAEIACYWIQTJY8IdY1ZOKxC7M1sp hGs8aDaGzAUCXEe7EwIbDAUJA5mIgAAKCRAphGs8aDaGzNsrIACSf+4SpD6l2LmBUXgq60vV OWvFOgP/2SmY7p44CT5haZDZZw5w4JylXwnoKrIMe3Z7QtqBs7P7rFlFOqt1yyyb7sG6ryD1 agCoXyo5X3yqqE6mR7V7GFyxdZfCAMqMTX0oyjfxL6ByBA4FXCsl9SHEY4b8Po6jexmJCCQj Ehw3sTwNelt10cTS5iWK/ZCeQP6e31ZeR12eH1L0aTOL4FiUk3dWGs/veBT6VMICOZo1aBMz hW4+b/l9GxmDXhdaymfy3+VSqQDChf9mto2okvsz7pH7cdDS0fgJX7oBxRI/CKxl0vXFZt8K 4fM/W/dOHSzpG49SJjKKIm77DvwUk9xGKY6Uan3JmW7vp9DX4lmfQXOgRH+YLoONKeYH50Vn HGH3WW9/bxqIJQ5GiJ1G6vB7mYQRD2OAcUoh/b1WcXbY/LgKD8ul47PCrO+y+Nd/CmnYLNUW Ha44e4q9eega+KCpdq01TPbIQREBcZZBidXSe76l9kfJQoGf6Y07Xmj1f2UXQD+8m24lOrNv apKov3qzWkeaLUQ4ndeKQ3Zpfe+CcMsmqW7qjAKrke21lZSJd5rQrPv3WQNOlDsZuvnnF3qO dMKnOkoxyT2VWllv4SCu/1uSHB9ClS0Q65MccxhizRiSEdvikHwC1rEz63Djj8AYZ/iWP2/X KvLS9tm17aQ6mdyiYT7JyiTlOpXTOr/sZOoADwEWR6YJdcv5sPKQiq3i1h3t5rNiOzqxqlaq qZoeZKKUMzIFFKRMVuyyrRBLyyGfBZ72PmdYpv8eoxqpb4ZQM2ruJRm8BzKIJi0+IkKy92L2 bRecd19tekNpgcl3NtIBPDc11MgID1QUIR+yRZ3ZJjl6KyJ+Sc83DUylJ/MsahJpGxpaO69X jscxGf1dswUMgn7ATAM1y44hlNtE6hW4dao4pn7OuUWeS7wmW+60DTdCTKMKo6OO4oqK4png BAFLv6Vs/6Lz2HCt1HTpWo87Gxrmz/5d1pzB0WhdOWDTniwJ/svLYFRkQS896Ga2hYLmx7FH 077ncZyEm8714N8btKaRFKrUXiksh8Y85agV+jkBT00sh6D2TBxGGU6LuiWylsBG3Ny3gAa2 aVMO0ONDCz0xGaunzLUkgbBRJDidhSNkmyY1mfVVOI8fBc2Uv3HtFuEikik6W03eerA65jyb uzCjSUAfUbhD4W3AnbrvSKZMUX+kdgcLRuRp1PTlX6NTj2HiC6p4EDzTuoHPL14m/tC4fCHv SKrd7SJzuW1offy08qsKGy+Nho9OmvWS/NYIpLpz4jVzrjxWgCGI8gSnK54U48/F8HLc2U+v Iy12h6NEUVyIqGVd/UbkDn3Aqx67gHaqBoYM5OxeLCd5Pu5G
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Thu, 06 Feb 2020 12:20:40 -0500
- In-reply-to: <87a75w0w42.fsf@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- References: <7f5cee99-d807-8a42-8fec-d055ddf97631@avanix.es> <20200204211523.cgvuer2b4ekaimi6@raoul> <g0iil93_bESNalXN2cuNNMGZMOHy08drOfjoOCsASF2oFsQr4muJSfttyeYzAAl3wxI4mm9rmoGQXmZog6Bg4A==@protonmail.internalid> <BjOAmRKxsZhI88224-uJ2FHYwjfgiKAEsVuKEx1pSz-hUmhyuAMat56JBXAZ5ezkel14paDdQjqFkQWQlXRG2g==@protonmail.conversationid> <87a75w0w42.fsf@riseup.net>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.4.2
On 2/6/20 5:54 AM, George Kadianakis wrote:
>
> David Goulet <dgoulet@xxxxxxxxxxxxxx> writes:
>
>> On 04 Feb (19:03:38), juanjo wrote:
>>
>> Greetings!
>>
>>> Since no one is posting it here and talking about it, I will post it.
>>>
>>> https://nvd.nist.gov/vuln/detail/CVE-2020-8516
>>>
>>> The guy: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
>>>
>>> Is this real?
>>>
>>> Are we actually not verifying if the IP of the Rend is a node in the Tor
>>> network?
>>
>> We (network team) actually don't think this is a bug but it is actually done
>> on purpose for specific reasons. Please see asn's answer on
>> https://bugs.torproject.org/33129 that explains why that is.
>>
>> Onto the bigger issue at ends that the post explains. I'm going to extract the
>> relevant quote that this post is all about:
>>
>> Remember: the guard rarely changes but the other two hops change often.
>> If he can repeatedly map out my circuit's last node, then he can build a
>> large exclusion list. If he can exclude everything else, then he can find
>> my guard node. And if he can't exclude everything, then he can probably
>> whittle it down to a handful of possible guard nodes.
>>
>> That is indeed a known attack. One can create a set of relays from the 3rd
>> node (last one before connecting to the rendezvous point) selected by the
>> service and doing enough requests to the service, you can end up with a very
>> large set of relays that can _not_ be your Guard due to how path selection
>> works as explained in the blog post.
>>
>
> For what it's worth, I'm glad this discussion has been restarted because
> we did lots of research work in 2018 about these sort of attacks, but we
> were kinda drown in the various tradeoffs and ended up not doing much
> after releasing the vanguard tool.
>
> For people who are following from home and would like to help out here
> is some reading materials:
> https://lists.torproject.org/pipermail/tor-dev/2018-April/013070.html
> https://lists.torproject.org/pipermail/tor-dev/2018-May/013162.html
> https://trac.torproject.org/projects/tor/ticket/25754
>
> Basically, from what I remember, to defend against such attacks we
> either need to change our path selection logic (#24487), or abandon the
> path restrictions that cause infoleaks (big thread above), or use two
> guards (prop#291 plus big thread above). Each of these options has its
> own tradeoffs and we need to analyze them again. If someone could do a
> summary that would be great to get this started again...
>
> For now, if you are afraid of such attacks, you should use and love vanguards!
Yes, specifically vanguards always uses two guards and disables all path
restrictions to mitigate info-leak route disclosure attacks like the above.
Vanilla Tor uses two guards only sometimes, and that is part of the info
leak. Using two guards is not enough by itself, though, for cases where
you get unlucky and choose both guards from the same Family or some
other restriction violating case that will leak info by way of making it
clear which relays you *don't* use for your 3rd hop.
Since MyFamily and the other path restrictions are of questionable
value, but the info leak from using path restrictions is clear and
measurable, we opted to make the tradeoff to disable path restrictions
entirely in the vanguards addon. This is actually done by the
HSLayer*Nodes torrc options that we use. It was significantly less
disruptive to disable path restrictions only if those options were set,
than to redo all path selection in Tor itself. See the parent ticket and
its children for details:
https://trac.torproject.org/projects/tor/ticket/25546
I filed https://github.com/mikeperry-tor/vanguards/issues/53 to make
these choices clear in the vanguards docs. Right now you have to read
the tor manpage for the torrc options we used in order to even know
about these choices, which is not great.
The creation vanguards addon itself was also somewhat controversial -
asn and I basically had to go rogue to get all of these defenses
prototyped in a reasonable time frame. Merging these defenses into Tor
is a significantly larger engineering task than making a python control
port addon.
It is rather sad that we have to make such choices for security
features/improvements like this, and for the tagging problem. But
security features are surprisingly difficult to obtain funding for (!),
and so we often have to find ways to do whatever we can in these areas.
--
Mike Perry
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev