
[tor-bugs] #28095 [Core Tor/Tor]: dirauth key pinning can be bypassed sometimes?



#28095: dirauth key pinning can be bypassed sometimes?
------------------------------+------------------------------
     Reporter:  catalyst      |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-dirauth
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 It looks like sometimes key pinning can be bypassed. One example is in
 #27800, where it seems that an ed25519 key got shared between two relays.
 (Or maybe that's two iterations of the same relay, where the operator
 rolled the RSA key but not the ed25519 key.)

 Fixing this the "right" way might involve keeping multiple versions of a
 relay descriptor around, with metadata about which vote or consensus it
 goes with.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28095>