-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

I've updated OpenSSL, deleted the keys on my exit per the recommendations, and restarted the whole box. I got a new fingerprint. I'll watch to see how long the flags take to come back, but I predict it will be like a new relay. I wonder how this changes the flow rates across the Tor network. Perhaps adversary-controlled exits may not be upgraded so that they can keep their percentage advantages and take advantage of the disruption. In due time things will come back to normal.

I'd recommend that every relay operator delete their keys as well, just to be safe. Pure speculation on my part here, but a well-resourced adversary might have seized the moment and done some attacking, or perhaps they knew about it beforehand. This is a major vulnerability. Admins are revoking SSL certificates, and that's for web servers. The blog post is very helpful for outlining how this exploit affects us, but let's assume the worst here.

While we're updating, how about we all make sure we are running the 0.2.4 series of Tor, preferably 0.2.4.21. Switch to the Tor Project's repositories if you haven't already.

Good luck guys.

Jesse V.