[tor-talk] "drop all vulnerable relays from the consensus"
tagnaq
tagnaq at gmail.com
Sun May 15 20:38:45 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
"If someone publishes or demonstrates a code-exec exploit [...] we
should drop all vulnerable relays from the consensus" [1]
- - Does Tor provide Authority Directories with an easy way to reject/drop
relays from the consensus based on the platform string or is this only
possible based on FP or IP?
- - How will Directory Authorities determine if a relay is "vulnerable"?
(inspecting the platform string only)?
thanks,
tagnaq
[1] #2751
CVE-2011-0427
CVE-2010-1676
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk3QOdUACgkQyM26BSNOM7bRhgD/VeeAefHnfTK+PzdBMOThwchd
w18WFpZDw3Y6BcMXY3ABALRzOc6gSYcBER5Zp5XVyq6h2ShpEdhovFZ0PgjWLocJ
=gSvm
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list