Re: [tor-bugs] #18319 [Core Tor/Tor]: Exclude relays that don't match pinned RSA/Ed key pairs



#18319: Exclude relays that don't match pinned RSA/Ed key pairs
-------------------------------------------------------------------------+------------------------------------
 Reporter:  teor                                                         |          Owner:  nickm
     Type:  defect                                                       |         Status:  closed
 Priority:  High                                                         |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor                                                 |        Version:
 Severity:  Normal                                                       |     Resolution:  implemented
 Keywords:  tor-ed25519-proto, nickm-deferred-20160905, review-group-15  |  Actual Points:
Parent ID:                                                               |         Points:  1
 Reviewer:                                                               |        Sponsor:  SponsorU-can
-------------------------------------------------------------------------+------------------------------------

Comment (by teor):

 Just a reminder for when we deploy this code:

 Has anyone checked that each directory authority's current key pairs are
 pinned consistently by every other directory authority?

 When we ran into this issue in the test network, I had to delete the RSA
 and ed keys for the broken authority, and regenerate them (and then we had
 to update all the torrc authority lines). If this happened in the public
 network, we would have to update the tor source code.

 When the first authority deploys this code, we'll find some
 inconsistencies, but it will take a majority of authorities (ideally with
 consistent pairings) to affect the consensus.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18319#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online