
Re: [tor-bugs] #31669 [Core Tor/Tor]: Invalid signature for service descriptor signing key: expired



#31669: Invalid signature for service descriptor signing key: expired
--------------------------+------------------------------
 Reporter:  a_p           |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.1.5
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------

Comment (by teor):

 Replying to [comment:1 arma]:
 > This message sounds like there is an onion service involved, but the
 > onion service is broken (its signing key is old, perhaps because its clock
 > is super wrong).
 >
 > Was this a warning-level log? Your quote doesn't say what log severity
 > it was.

 Yes, it's a warning-level log:
 https://github.com/torproject/tor/blob/27e067df4fd3148b59dd0377d1a7b111460a2b53/src/feature/hs/hs_descriptor.c#L1293

 > Were there any onion services involved in these exit relays? E.g. they
 > hosted some or they were visiting some as a client?
 >
 > The other possibility is that they were simply being normal HSDirs, and
 > relays that receive encrypted onion descriptors still validate them enough
 > to find this error. In that case we should consider turning the log into
 > an info-level log, since there is nothing your relay can do about it.

 We should make it a protocol warning, so that we still see it in test
 networks.

 It looks like there are a lot of warnings in the cert code, which should
 actually be protocol warnings. Maybe we need to pass an "is_remote" flag
 to our validation code, and switch to protocol warnings when it is true.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31669#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
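
The "is_remote" idea from the comment above, as an added sketch in C that is not part of the original message and is not Tor's code. All names here (`check_cert_expiry`, `protocol_warnings_enabled`, the `severity` enum) are hypothetical, and the sketch assumes a protocol warning is logged at info level unless a test-network switch raises it to a warning.

```c
#include <stdio.h>
#include <time.h>

/* Severity levels for this sketch (hypothetical, not Tor's log API). */
enum severity { SEV_INFO, SEV_WARN };

/* Assumed switch: off on ordinary relays, on in test networks where
 * operators want to see malformed input sent by other parties. */
static int protocol_warnings_enabled = 0;

/* Severity for a validation failure. A bad local object is the operator's
 * own problem, so it always warns. A bad remote object is something the
 * relay cannot fix, so it follows the protocol-warning switch. */
static enum severity failure_severity(int is_remote) {
  if (!is_remote)
    return SEV_WARN;
  return protocol_warnings_enabled ? SEV_WARN : SEV_INFO;
}

/* Check a signing-key certificate's expiry. Returns 0 if still valid,
 * -1 if expired; on failure *sev_out is the severity that was logged. */
static int check_cert_expiry(time_t valid_until, time_t now, int is_remote,
                             enum severity *sev_out) {
  if (now <= valid_until)
    return 0;
  *sev_out = failure_severity(is_remote);
  fprintf(stderr, "[%s] Invalid signature for %s signing key: expired\n",
          *sev_out == SEV_WARN ? "warn" : "info",
          is_remote ? "received" : "our own");
  return -1;
}

int main(void) {
  enum severity sev;
  time_t now = 2000, expired = 1000; /* constructed sample timestamps */

  check_cert_expiry(expired, now, 1, &sev); /* HSDir case: info */
  check_cert_expiry(expired, now, 0, &sev); /* own service: warn */
  protocol_warnings_enabled = 1;            /* test network */
  check_cert_expiry(expired, now, 1, &sev); /* remote, now warn */
  return 0;
}
```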