[prev in list] [next in list] [prev in thread] [next in thread]
List: tor-dev
Subject: Re: [tor-dev] Responsible disclosure
From: SiNA Rabbani <sina () redteam ! net>
Date: 2014-09-18 21:10:32
Message-ID: CAA8U0RTOXQw37UcdQZPsj3zeA_hVjTgxa5RC2KFNX6+tvb_L_g () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Just in case you need Nick's contact info:
pub 3072R/0x21194EBB165733EA 2004-07-03
Key fingerprint = B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA
uid [ unknown] Nick Mathewson <nickm shift+2 alum.mit.edu>
uid [ unknown] Nick Mathewson <nickm shift+2 wangafu.net>
uid [ unknown] Nick Mathewson <nickm shift+2 freehaven.net>
uid [ unknown] [jpeg image of size 3369]
sub 3072R/0x910397D88D29319A 2004-07-03
sub 3072R/0xD2CA27F3F25B8E5E 2004-07-03
On Thu, Sep 18, 2014 at 5:05 PM, Damian Johnson <atagar@torproject.org>
wrote:
> Hi Bram. If it's security related then we have...
>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security
>
> ... which is a closed list soly subsribed to by Nick and a few others.
> That said though we set that list up years ago for this purpose and
> I'm not spotting it advertised anywhere, so might no longer be the
> best point of contact. Nick can advise.
>
> Cheers! -Damian
>
>
> On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer <bram@nosur.com> wrote:
> > Hi,
> >
> > How can I responsibly report a bug that might affect security (e.g.
> possibility to DoS Tor nodes)? I searched the torproject.org website, but
> couldn't find any pointers with respect to responsible disclosure.
> >
> > Do I just file a trac ticket and/or drop it in this mailinglist? Do I
> report it directly to some of the key players in this project (Roger, Nick,
> etc.)?
> >
> > Thanks,
> > Bram
> >
> > _______________________________________________
> > tor-dev mailing list
> > tor-dev@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
[Attachment #5 (text/html)]
<div dir="ltr">Just in case you need Nick's contact info:<br><br><br>pub \
3072R/0x21194EBB165733EA 2004-07-03<br> Key fingerprint = B35B F85B F194 \
89D0 4E28 C33C 2119 4EBB 1657 33EA<br>uid [ \
unknown] Nick Mathewson <nickm shift+2 <a \
href="http://alum.mit.edu">alum.mit.edu</a>><br>uid \
[ unknown] Nick Mathewson <nickm shift+2 <a \
href="http://wangafu.net">wangafu.net</a>><br>uid \
[ unknown] Nick Mathewson <nickm shift+2 <a \
href="http://freehaven.net">freehaven.net</a>><br>uid \
[ unknown] [jpeg image of size 3369]<br>sub 3072R/0x910397D88D29319A \
2004-07-03<br>sub 3072R/0xD2CA27F3F25B8E5E 2004-07-03<br><br></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 18, 2014 at 5:05 PM, \
Damian Johnson <span dir="ltr"><<a href="mailto:atagar@torproject.org" \
target="_blank">atagar@torproject.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Bram. If it's security related then we have...<br> \
<br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security</a><br>
<br>
... which is a closed list soly subsribed to by Nick and a few others.<br>
That said though we set that list up years ago for this purpose and<br>
I'm not spotting it advertised anywhere, so might no longer be the<br>
best point of contact. Nick can advise.<br>
<br>
Cheers! -Damian<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer <<a \
href="mailto:bram@nosur.com">bram@nosur.com</a>> wrote:<br> > Hi,<br>
><br>
> How can I responsibly report a bug that might affect security (e.g. possibility \
to DoS Tor nodes)? I searched the <a href="http://torproject.org" \
target="_blank">torproject.org</a> website, but couldn't find any pointers with \
respect to responsible disclosure.<br> ><br>
> Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it \
directly to some of the key players in this project (Roger, Nick, etc.)?<br> ><br>
> Thanks,<br>
> Bram<br>
><br>
> _______________________________________________<br>
> tor-dev mailing list<br>
> <a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br> \
_______________________________________________<br> tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br> \
</div></div></blockquote></div><br></div>
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic