[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] bad validity timestamps on authority certificates

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] bad validity timestamps on authority certificates
From: Roger Dingledine <arma@xxxxxxx>
Date: Sat, 5 Nov 2011 02:14:43 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 05 Nov 2011 02:14:56 -0400
In-reply-to: <201111042306.pA4N6fup027052@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <201111042306.pA4N6fup027052@xxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Nov 04, 2011 at 06:06:41PM -0500, Scott Bennett wrote:
> Nov 04 15:51:00.273 [warn] Certificate not yet valid: is your system clock set incorrectly?
> Nov 04 15:51:00.274 [warn] (certificate lifetime runs from Nov  5 04:26:47 2011 GMT through Nov  4 04:26:47 2012 GMT. Your time is Nov 04 20:51:00 2011 GMT.)
[snip]
> My system's clock gets adjusted to the network timeservers' values once per
> hour.  I've checked the logs and found that the each adjustment has been less
> than 71 ms during this time.
>      So the question is why are the authorities putting out new certificates
> with valid time periods beginning six or more hours in the future?  Also, when
> will the authorities be corrected?

These aren't directory authorities. These are just random relays that
you're connecting to who have clocks more than an hour off, and an
over-active log message.

See
https://trac.torproject.org/projects/tor/ticket/4370
https://trac.torproject.org/projects/tor/ticket/4371

This is the alpha Tor, with a shiny new (and still somewhat
sharp-around-the-edges) v3 link handshake. I'm glad this one doesn't
crash, like the last one did. :)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] bad validity timestamps on authority certificates
  - From: Scott Bennett

Prev by Author: Re: [tor-relays] Middleman/guard nodes raided in the Netherlands
Next by Author: [tor-relays] bad validity timestamps on authority certificates
Previous by thread: [tor-relays] bad validity timestamps on authority certificates
Next by thread: Re: [tor-relays] bad validity timestamps on authority certificates
Index(es):
- Author
- Thread