[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16530 [Tor]: uploaded a descriptor with a Ed25519 key but the <rsa, ed25519> keys don't match what they were before.



#16530: uploaded a descriptor with a Ed25519 key but the <rsa,ed25519> keys don't
match what they were before.
-------------------------+--------------------------------
     Reporter:  arma     |      Owner:
         Type:  defect   |     Status:  new
     Priority:  blocker  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-auth
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+--------------------------------
Changes (by nickm):

 * priority:  normal => blocker


Comment:

 This means that your authority believes that these two routers previously
 had different Ed25519 keys to go with their RSA identity keys, and they
 changed them.  So it's rejecting the descriptors as hopeless.

 Dgoulet ran into this on his relay.

 There are a few possible explanations:
  1. The operators of these routers accidentally deleted or replaced
 ed25519 keys somehow.  (''If this is the case, we should make these
 accidents much harder to trigger.'')
  2. There's a bug in the relay code that deletes or replaces the ed25519
 key without the relay operator knowing. (''If this is the case, we need to
 fix this before releasing 0.2.7.2-alpha or relays will fall off the
 network'')
  3. There's a bug in the authority key-pinning code that makes us think
 the key changed when it didn't.  (''If this is the case, we need to fix it
 before too many authorities upgrade, or they will kick all the >=
 0.2.7.2-alpha relays off the network'')

 I'm calling this a blocker on 0.2.7.2-alpha, in case it's case 2 or case
 3.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16530#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs