>> > I have changed server and tor version (from Tor 0.2.6.10 to Tor
>> > 0.2.7.5). My relay works but I have this warning:
>> > "http status 400 ("Looks like your keypair does not match its older
>> > value.") response from dirserver '208.83.223.34:443'. Please correct."
>> > This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2
>> > What means and what I have to do? The keys for me is correct.
> Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key (new).
> Your fingerprint is generated from the RSA key.
> Directory authorities ensure that each RSA key and ed25519 key pair only ever appear together.
>
> Did you have an ed25519 key, and then delete it? (or fail to restore it from a backup?)
> Or perhaps there is a bug in the authority's handling of ed25519 key pairs.
dirauth 208.83.223.34 (urras) is running an outdated tor version that is
doing key-pinning. If urras upgrades to tor 0.2.7.3-rc this problem will
go away, since key-pinning has been disabled for now - see 0.2.7.x's
changelog: [1][2].
> o Major features (Ed25519 keys, keypinning):
> - The key-pinning option on directory authorities is now advisory-
> only by default. In a future version, or when the AuthDirPinKeys
> option is set, pins are enforced again. Disabling key-pinning
> seemed like a good idea so that we can survive the fallout of any
> usability problems associated with Ed25519 keys. Closes
> ticket 17135.
[1] https://gitweb.torproject.org/tor.git/plain/ChangeLog
[2] https://trac.torproject.org/projects/tor/ticket/17135
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays