[tor-bugs] #11448 [Tor]: Dirauths must support multiple relay identity keys at once
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 8 17:46:32 UTC 2014
#11448: Dirauths must support multiple relay identity keys at once
----------------------+------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Keywords: tor-auth | Actual Points:
Parent ID: | Points:
----------------------+------------------------------------
As discussed on [https://blog.torproject.org/blog/openssl-bug-
cve-2014-0160], directory authorities must rotate their relay identity
keys in order to recover from possible exposure due to the ‘Heartbleed’
bug. (A dirauth's relay identity key could be used by a MITM attacker to
feed clients an outdated consensus, for example.)
There are two requirements in order to do this without causing a network
meltdown:
* A dirauth must be able to sign relay descriptors using multiple relay
identity keys at once.
* A dirauth must be able to operate multiple ORPorts at once, with
(possibly) different relay identity keys.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11448>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list