Re: [tor-bugs] #21107 [Core Tor/Tor]: 0.3.0.x dir auths enforcing ED identity keys: intended?
#21107: 0.3.0.x dir auths enforcing ED identity keys: intended?
--------------------------+------------------------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.0.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by nickm):

> So it looks like the dir auths are now enforcing whatever ED key they
> saw from the relay earlier?

So, this is happening *during the connection attempt*, not during the
directory voting stage. Because moria1 knows a descriptor with an Ed25519
key for this relay, it expects to find that ed25519 key when it connects.
The same thing would happen to any other 0.3.0.1-alpha client trying to
connect to this router using that descriptor.

The difference with a directory authority is that it causes the
reachability tests to reject this relay.

I'm fine with this, personally -- we mean to turn key pinning on anyway,
with #18319.

> If so, is there anything we need to do to explain to current relays what
> they need to do or not do?

They need to make sure they only have one relay running with any given RSA
key; see #18319 analysis.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21107#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
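
The check described in the comment above, as an added example that is not part of the original message and is not Tor's own code: a simplified Python model of the connection-time Ed25519 comparison, plus an operator-side scan for one RSA identity being used by more than one relay instance. All names, fingerprints and key strings are constructed placeholders.

```python
from collections import defaultdict

# Constructed model of what a connecting party knows from descriptors:
# RSA identity fingerprint -> Ed25519 identity (None = no Ed25519 key known).
KNOWN = {
    "AAAA1111": "ed-key-one",
    "BBBB2222": None,
}

# Constructed list of running relay instances:
# (nickname, RSA fingerprint, Ed25519 identity or None).
RELAYS = [
    ("relayA", "AAAA1111", "ed-key-one"),
    ("relayA-old", "AAAA1111", None),      # second instance reusing the RSA key
    ("relayB", "BBBB2222", None),
]

def connection_check(known, rsa_fp, presented_ed):
    """Model of the connection attempt: if a descriptor with an Ed25519 key
    is known for this RSA identity, the relay must present that same key."""
    expected = known.get(rsa_fp)
    if expected is None:
        return True                        # nothing to compare against
    return presented_ed == expected

def find_shared_rsa_keys(relays):
    """Return RSA fingerprints that appear with more than one Ed25519
    identity (a missing Ed25519 key counts as its own identity)."""
    seen = defaultdict(set)
    for nickname, rsa_fp, ed_id in relays:
        seen[rsa_fp].add((nickname, ed_id))
    return {
        fp: sorted(instances, key=lambda r: r[0])
        for fp, instances in seen.items()
        if len({ed for _, ed in instances}) > 1
    }

if __name__ == "__main__":
    for nickname, rsa_fp, ed_id in RELAYS:
        ok = connection_check(KNOWN, rsa_fp, ed_id)
        print(f"{nickname}: {'reachable' if ok else 'rejected (Ed25519 key mismatch)'}")
    for fp, instances in find_shared_rsa_keys(RELAYS).items():
        print(f"RSA key {fp} is shared by: {[n for n, _ in instances]}")
```
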