I have changed server and tor version (from Tor 0.2.6.10 to Tor 0.2.7.5). My relay works but I have this warning: "http status 400 ("Looks like your keypair does not match its older value.") response from dirserver '208.83.223.34:443'. Please correct." This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2 What means and what I have to do? The keys for me is correct. Thanks for reply
On 24 Nov 2015, at 01:54, DARKNET.IT info@darknet.it wrote:
I have changed server and tor version (from Tor 0.2.6.10 to Tor 0.2.7.5). My relay works but I have this warning: "http status 400 ("Looks like your keypair does not match its older value.") response from dirserver '208.83.223.34:443'. Please correct." This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2 What means and what I have to do? The keys for me is correct.
Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key (new). Your fingerprint is generated from the RSA key. Directory authorities ensure that each RSA key and ed25519 key pair only ever appear together.
Did you have an ed25519 key, and then delete it? (or fail to restore it from a backup?) Or perhaps there is a bug in the authority's handling of ed25519 key pairs.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
I have changed server and tor version (from Tor 0.2.6.10 to Tor 0.2.7.5). My relay works but I have this warning: "http status 400 ("Looks like your keypair does not match its older value.") response from dirserver '208.83.223.34:443'. Please correct." This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2 What means and what I have to do? The keys for me is correct.
Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key (new). Your fingerprint is generated from the RSA key. Directory authorities ensure that each RSA key and ed25519 key pair only ever appear together.
Did you have an ed25519 key, and then delete it? (or fail to restore it from a backup?) Or perhaps there is a bug in the authority's handling of ed25519 key pairs.
dirauth 208.83.223.34 (urras) is running an outdated tor version that is doing key-pinning. If urras upgrades to tor 0.2.7.3-rc this problem will go away, since key-pinning has been disabled for now - see 0.2.7.x's changelog: [1][2].
o Major features (Ed25519 keys, keypinning): - The key-pinning option on directory authorities is now advisory- only by default. In a future version, or when the AuthDirPinKeys option is set, pins are enforced again. Disabling key-pinning seemed like a good idea so that we can survive the fallout of any usability problems associated with Ed25519 keys. Closes ticket 17135.
[1] https://gitweb.torproject.org/tor.git/plain/ChangeLog [2] https://trac.torproject.org/projects/tor/ticket/17135
tor-relays@lists.torproject.org