[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tor-dev
Subject:    Re: [tor-dev] Responsible disclosure
From:       SiNA Rabbani <sina () redteam ! net>
Date:       2014-09-18 21:10:32
Message-ID: CAA8U0RTOXQw37UcdQZPsj3zeA_hVjTgxa5RC2KFNX6+tvb_L_g () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Just in case you need Nick's contact info:


pub   3072R/0x21194EBB165733EA 2004-07-03
      Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
uid                 [ unknown] Nick Mathewson <nickm shift+2 alum.mit.edu>
uid                 [ unknown] Nick Mathewson <nickm shift+2 wangafu.net>
uid                 [ unknown] Nick Mathewson <nickm shift+2 freehaven.net>
uid                 [ unknown] [jpeg image of size 3369]
sub   3072R/0x910397D88D29319A 2004-07-03
sub   3072R/0xD2CA27F3F25B8E5E 2004-07-03


On Thu, Sep 18, 2014 at 5:05 PM, Damian Johnson <atagar@torproject.org>
wrote:

> Hi Bram. If it's security related then we have...
>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security
>
> ... which is a closed list soly subsribed to by Nick and a few others.
> That said though we set that list up years ago for this purpose and
> I'm not spotting it advertised anywhere, so might no longer be the
> best point of contact. Nick can advise.
>
> Cheers! -Damian
>
>
> On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer <bram@nosur.com> wrote:
> > Hi,
> >
> > How can I responsibly report a bug that might affect security (e.g.
> possibility to DoS Tor nodes)? I searched the torproject.org website, but
> couldn't find any pointers with respect to responsible disclosure.
> >
> > Do I just file a trac ticket and/or drop it in this mailinglist? Do I
> report it directly to some of the key players in this project (Roger, Nick,
> etc.)?
> >
> > Thanks,
> > Bram
> >
> > _______________________________________________
> > tor-dev mailing list
> > tor-dev@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>

[Attachment #5 (text/html)]

<div dir="ltr">Just in case you need Nick&#39;s contact info:<br><br><br>pub     \
3072R/0x21194EBB165733EA 2004-07-03<br>           Key fingerprint = B35B F85B F194 \
89D0 4E28   C33C 2119 4EBB 1657 33EA<br>uid                                 [ \
unknown] Nick Mathewson &lt;nickm shift+2 <a \
href="http://alum.mit.edu">alum.mit.edu</a>&gt;<br>uid                                \
[ unknown] Nick Mathewson &lt;nickm shift+2 <a \
href="http://wangafu.net">wangafu.net</a>&gt;<br>uid                                 \
[ unknown] Nick Mathewson &lt;nickm shift+2 <a \
href="http://freehaven.net">freehaven.net</a>&gt;<br>uid                              \
[ unknown] [jpeg image of size 3369]<br>sub     3072R/0x910397D88D29319A \
2004-07-03<br>sub     3072R/0xD2CA27F3F25B8E5E 2004-07-03<br><br></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 18, 2014 at 5:05 PM, \
Damian Johnson <span dir="ltr">&lt;<a href="mailto:atagar@torproject.org" \
target="_blank">atagar@torproject.org</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Bram. If it&#39;s security related then we have...<br> \
<br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security</a><br>
 <br>
... which is a closed list soly subsribed to by Nick and a few others.<br>
That said though we set that list up years ago for this purpose and<br>
I&#39;m not spotting it advertised anywhere, so might no longer be the<br>
best point of contact. Nick can advise.<br>
<br>
Cheers! -Damian<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer &lt;<a \
href="mailto:bram@nosur.com">bram@nosur.com</a>&gt; wrote:<br> &gt; Hi,<br>
&gt;<br>
&gt; How can I responsibly report a bug that might affect security (e.g. possibility \
to DoS Tor nodes)? I searched the <a href="http://torproject.org" \
target="_blank">torproject.org</a> website, but couldn&#39;t find any pointers with \
respect to responsible disclosure.<br> &gt;<br>
&gt; Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it \
directly to some of the key players in this project (Roger, Nick, etc.)?<br> &gt;<br>
&gt; Thanks,<br>
&gt; Bram<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; tor-dev mailing list<br>
&gt; <a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
 &gt; <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br> \
_______________________________________________<br> tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" \
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br> \
</div></div></blockquote></div><br></div>



_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic