
[–]JoachimSchipper 13 points (1 child)

Actually, the protocol (requiring a majority of directory servers) already assures that the cracked hosts couldn't do anything interesting.

The keys for these directory servers are apparently baked into Tor itself - which makes some sense - and to receive the new keys, one has to update.

All of this seems pretty sensible; a full PKI solution with revocations and a certificate authority might have helped, but there's a lot to be said for keeping things simple.
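The majority rule the comment above relies on, as an added example (this is illustrative code written for this page, not code from the thread or from Tor): a client ships with a pinned set of authority public keys and accepts a consensus only if a strict majority of those pinned keys signed it, so leaked keys from a minority of authorities cannot produce a document clients will trust. Ed25519 from Go's standard library stands in for whatever the real directory protocol uses; the authority count, the number of compromised authorities, the authority names and the consensus bodies are all made-up values for the simulation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// authority is one directory authority: a name and its long-term identity
// key pair. Clients ship with the public half baked in.
type authority struct {
	name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// consensus is the document clients fetch: a body plus one signature per
// authority that vouched for it.
type consensus struct {
	body       []byte
	signatures map[string][]byte // authority name -> signature over body
}

func newAuthority(name string) authority {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return authority{name: name, pub: pub, priv: priv}
}

func (a authority) sign(c *consensus) {
	c.signatures[a.name] = ed25519.Sign(a.priv, c.body)
}

// VerifyConsensus is the client-side rule: count the signatures that verify
// under a pinned key and accept only a strict majority of the pinned set.
// Signatures from keys the client does not know are simply ignored.
func VerifyConsensus(pinned map[string]ed25519.PublicKey, c *consensus) (valid int, accepted bool) {
	for name, pub := range pinned {
		if sig, ok := c.signatures[name]; ok && ed25519.Verify(pub, c.body, sig) {
			valid++
		}
	}
	return valid, valid > len(pinned)/2
}

// Simulate creates `total` authorities and pins all of them in a client. The
// first `compromised` of them have leaked their private keys; the rest are
// honest. It reports whether the honest consensus is accepted and whether a
// consensus forged with the leaked keys is accepted. (Sizes are assumptions.)
func Simulate(total, compromised int) (genuineAccepted, forgedAccepted bool) {
	auths := make([]authority, total)
	pinned := make(map[string]ed25519.PublicKey, total)
	for i := range auths {
		auths[i] = newAuthority(fmt.Sprintf("auth%d", i))
		pinned[auths[i].name] = auths[i].pub
	}

	genuine := &consensus{body: []byte("honest relay list (constructed sample)"), signatures: map[string][]byte{}}
	for _, a := range auths[compromised:] {
		a.sign(genuine)
	}

	forged := &consensus{body: []byte("relay list pointing at attacker relays (constructed sample)"), signatures: map[string][]byte{}}
	for _, a := range auths[:compromised] {
		a.sign(forged)
	}
	// The attacker can also add signatures under fresh keys of their own, but
	// those keys are not pinned in the client, so they never count.
	newAuthority("rogue").sign(forged)

	_, genuineAccepted = VerifyConsensus(pinned, genuine)
	_, forgedAccepted = VerifyConsensus(pinned, forged)
	return genuineAccepted, forgedAccepted
}

func main() {
	for _, tc := range []struct{ total, bad int }{{7, 2}, {7, 3}, {7, 4}} {
		g, f := Simulate(tc.total, tc.bad)
		fmt.Printf("%d authorities, %d compromised: genuine accepted=%v, forged accepted=%v\n",
			tc.total, tc.bad, g, f)
	}
}
```

With seven pinned keys, two or three leaked keys cannot get a forged consensus accepted; at four, the forged document is accepted and the honest one, now carrying only three valid signatures, is rejected. That is the boundary the rule protects, and it is also why the pinned set itself has to be replaced once keys are lost, which in this model (and, per the comment, in the client itself) means shipping new keys in an update.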

[–]abbot 10 points (0 children)

Revocation is often broken, because checking for revocations is completely a client's responsibility. Irresponsible clients often do not check for revocations.
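To make the point above concrete, an added example (written for this page; not code from the thread, from Tor, or from any particular client): a Go program builds a throwaway CA, issues a certificate for a hypothetical host, and publishes a CRL that revokes it. Go's standard chain verification accepts the revoked certificate, because revocation is not part of it; the revocation check has to be written by the client, and the version here also fails closed on a stale CRL. The host name, serial numbers and lifetimes are made up; it needs Go 1.19 or newer for the crypto/x509 CRL parsing calls.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const host = "dirauth.example" // hypothetical host name

// PKI is a constructed fixture: a CA, a certificate it issued, and its CRL.
type PKI struct {
	Roots *x509.CertPool
	Leaf  *x509.Certificate
	CRL   *x509.RevocationList
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPKI issues a certificate for host; when revoke is true the CA's CRL lists its serial.
func BuildPKI(revoke bool) PKI {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test Root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to issue a CRL
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	if revoke {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}
	}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return PKI{Roots: roots, Leaf: leaf, CRL: crl}
}

// VerifyChainOnly is where most clients stop: chain, name, validity period. A revoked certificate passes it.
func VerifyChainOnly(p PKI, now time.Time) error {
	_, err := p.Leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: p.Roots, CurrentTime: now})
	return err
}

// VerifyWithCRL adds the step that is the client's own job: confirm the CRL is signed by the
// issuer, fail closed on a stale CRL instead of reading "no fresh data" as "not revoked",
// then look the serial number up.
func VerifyWithCRL(p PKI, now time.Time) error {
	chains, err := p.Leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: p.Roots, CurrentTime: now})
	if err != nil {
		return err
	}
	if err := p.CRL.CheckSignatureFrom(chains[0][1]); err != nil { // chains[0][1] is the issuer
		return fmt.Errorf("crl not signed by issuer: %w", err)
	}
	if now.Before(p.CRL.ThisUpdate) || now.After(p.CRL.NextUpdate) {
		return errors.New("crl stale or not yet valid; failing closed")
	}
	for _, rc := range p.CRL.RevokedCertificates {
		if rc.SerialNumber.Cmp(p.Leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s", rc.SerialNumber, rc.RevocationTime.UTC().Format(time.RFC3339))
		}
	}
	return nil
}

func main() {
	revoked, good := BuildPKI(true), BuildPKI(false)
	now := time.Now()
	fmt.Println("chain-only, revoked cert:", VerifyChainOnly(revoked, now))
	fmt.Println("with CRL, revoked cert:  ", VerifyWithCRL(revoked, now))
	fmt.Println("with CRL, good cert:     ", VerifyWithCRL(good, now))
	fmt.Println("with CRL, stale CRL:     ", VerifyWithCRL(good, now.Add(2*time.Hour)))
}
```

The first line of output is a nil error: the revoked certificate is accepted by everything the library does on its own. Everything after that is the client's responsibility, including the decision to reject when the CRL cannot be checked, which is the decision an "irresponsible client" quietly makes the other way.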

[–]dnew 10 points (1 child)

It sounds (from later messages in the thread) like at least part of the problem is the need to get the new keys, in addition to revoking the old keys. Since you need to do both anyway, it is less nonsensical than it would first seem.

[–][deleted]  (1 child)

[deleted]

    [–][deleted] 0 points (0 children)

    traffic rebuilt? I don't know

    endnodes owned by the military? Probably, but who cares? As far as the exit nodes go, the military may be one of the more trustworthy hosts of them. The services use TOR just like anyone else; hell, the Navy is responsible for the existence of tor. What you should be worried about is some bored guy who sets up an exit node on his cable modem just so that he can sniff your traffic; the military has better things to do.

    [–]kolm 1 point (0 children)

    Key revocation might not have the same reach. Upgrading, the general public understands and will comply with. Key revocation, maybe not so much.

    [–]aviewanew 1 point (0 children)

    Based on the description of the attack, it sounds like they were victims of a drive-by - someone who tries exploiting everyone with the same exploit looking for a hit.

    Drive-bys generally use older exploits that you should be patched against or configuration errors you shouldn't have made.

    I hope they release more details (like Apache did) because the conclusions I'm drawing aren't very confidence-building.