[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 08 Sep 2019 23:25:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Sep 2019 19:25:27 -0400
In-reply-to: <043.1e7b1544224180fd5fb1d314df6cfe1f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.1e7b1544224180fd5fb1d314df6cfe1f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#31669: Invalid signature for service descriptor signing key: expired
--------------------------+------------------------------
 Reporter:  a_p           |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.1.5
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------

Comment (by teor):

 Replying to [comment:1 arma]:
 > This message sounds like there is an onion service involved, but the
 onion service is broken (its signing key is old, perhaps because its clock
 is super wrong).
 >
 > Was this a warning-level log? Your quote doesn't say what log severity
 it was.

 Yes, it's a warning-level log:
 https://github.com/torproject/tor/blob/27e067df4fd3148b59dd0377d1a7b111460a2b53/src/feature/hs/hs_descriptor.c#L1293

 > Were there any onion services involved in these exit relays? E.g. they
 hosted some or they were visiting some as a client?
 >
 > The other possibility is that they were simply being normal HSDirs, and
 relays that receive encrypted onion descriptors still validate them enough
 to find this error. In that case we should consider turning the log into
 an info-level log, since there is nothing your relay can do about it.

 We should make it a protocol warning, so that we still see it in test
 networks.

 It looks like there are a lot of warnings in the cert code, which should
 actually be protocol warnings. Maybe we need to pass an "is_remote" flag
 to our validation code, and switch to protocol warnings when it is true.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31669#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #29320 [Applications/Tor Browser]: Use mingw-w64/clang toolchain to build Rust
Next by Author: Re: [tor-bugs] #31400 [Metrics/Onionoo]: Add Onionoo's master branch to GitLab's CI
Previous by thread: Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired
Next by thread: Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired
Index(es):
- Author
- Thread