[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] keypair does not match its older value



On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote:
> I tried moving a tor relay with offline master key to a new host but
> something went wrong and it printed several warnings:
> 
> http status 400 ("Looks like your keypair does not match its older value.") response from dirserver

This complaint happens when in the past you ran the relay with a given
RSA identity key and ED identity key, and now one of them has changed.

> What did I screw up and how to fix this problem if it happends again?

Either move back to both of the original identity keys, or discard both
identity keys and start fresh.

> I suspect it will happen again because I generate a new signing key more
> frequently than necessary. I create '15 days' key every week and upload
> it (over onion ssh connection). This scheme should be resistant to
> occasional upload failures but it's not clear which of the last three
> signing keys to use on restart. If passing the wrong key can bring down
> the relay I need to switch to a different scheme.

In theory (i.e. assuming no surprising bugs), updating your signing key
should not be relevant here.

(Thanks for running a relay!)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays