[tor-bugs] #11457 [Tor]: Making a signing cert in the future will make everybody discard your real signing cert and then want it again

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 9 07:54:52 UTC 2014


#11457: Making a signing cert in the future will make everybody discard your real
signing cert and then want it again
--------------------+------------------------------------
 Reporter:  arma    |          Owner:
     Type:  defect  |         Status:  new
 Priority:  normal  |      Milestone:  Tor: 0.2.6.x-final
Component:  Tor     |        Version:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+------------------------------------
 Run an authority, with a normal signing authority_certificate. Then move
 your date into the future (has to be more than one week in the future),
 and generate and use another signing cert. Relays, clients, and other
 directory authorities will smoothly upgrade to your new one, and (barring
 issues like #11454) throw out your old signing cert.

 Then throw out your shiny new one, and go back to the one you had been
 using. Other Tors (dir auths, relays, clients) will say "oh hey, a
 signature from a cert I don't recognize, let me fetch that". So far so
 good.

 Then 60 seconds later they'll discard this cert, because they know a newer
 one. Oops.

 But this is where it gets good. Your authority discards this older cert
 too. So do other authorities. And relays.

 And then everybody wants a copy and nobody has one, so every 60 seconds
 everybody asks the next layer up in the dir hierarchy. Everybody's logs
 are filled with
 {{{
 Apr 09 03:44:55.000 [warn] Received http status code 404 ("Not found")
 from server '127.0.0.1:3002' while fetching "/tor/keys/fp-sk
 /AD23D263206B997C73AF9B488322E91766748C2C-
 4335577168B0C0C22AC4A1A0707DD72F41CC8DA6".
 }}}
 each minute.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11457>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
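As an added illustration (not code from the ticket, from arma, or from Tor itself), the following Python does two things: it parses the warning quoted above so that a repeating fp-sk 404 for the same certificate pair can be spotted in a log, and it replays the scenario with a toy cache that keeps only the newest-published cert per authority identity, which is enough to reproduce the "fetch it, discard it, 404 forever" cycle. The class and function names, the integer `published` values and the all-F fingerprint of the future-dated cert are constructed for the model; the two real fingerprints are the ones quoted in the ticket, and the sample log lines are the ticket's warning re-joined onto one line and repeated a minute later.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the ticket's warning, re-joined onto one line
# (the archive wrapped it), repeated as it would appear one minute later.
SAMPLE_LOG = [
    'Apr 09 03:44:55.000 [warn] Received http status code 404 ("Not found") '
    "from server '127.0.0.1:3002' while fetching \"/tor/keys/fp-sk"
    "/AD23D263206B997C73AF9B488322E91766748C2C-"
    '4335577168B0C0C22AC4A1A0707DD72F41CC8DA6".',
    'Apr 09 03:45:55.000 [warn] Received http status code 404 ("Not found") '
    "from server '127.0.0.1:3002' while fetching \"/tor/keys/fp-sk"
    "/AD23D263206B997C73AF9B488322E91766748C2C-"
    '4335577168B0C0C22AC4A1A0707DD72F41CC8DA6".',
]

# /tor/keys/fp-sk/<identity fp>-<signing key fp> is the URL Tor uses to
# fetch one specific signing certificate.
FPSK_404 = re.compile(
    r"(?P<ts>\w{3} \d{2} [\d:.]+) \[warn\] Received http status code 404 .*?"
    r"from server '(?P<server>[^']+)' while fetching "
    r'"/tor/keys/fp-sk/(?P<identity>[0-9A-F]{40})-(?P<signing>[0-9A-F]{40})"'
)


def parse_fpsk_404(line):
    """Return the fields of one fp-sk 404 warning, or None for other lines."""
    m = FPSK_404.search(line)
    return m.groupdict() if m else None


def repeated_fpsk_misses(lines, threshold=2):
    """Map (identity, signing) -> count for cert fetches that 404'd at least
    `threshold` times; a pair that keeps recurring is the loop the ticket
    describes (everybody wants the cert, nobody has it)."""
    counts = {}
    for line in lines:
        rec = parse_fpsk_404(line)
        if rec:
            key = (rec["identity"], rec["signing"])
            counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= threshold}


@dataclass(frozen=True)
class SigningCert:
    identity: str   # authority identity key fingerprint
    signing: str    # signing key fingerprint
    published: int  # constructed: publication time as a plain integer


class CertCache:
    """Toy model (not Tor's code) of the retention rule in the ticket: once a
    cert for an identity has been seen, any cert with an older publication
    time is thrown out at the next prune, even if it is the one in use."""

    def __init__(self):
        self.certs = {}   # identity -> set of SigningCert currently held
        self.newest = {}  # identity -> newest publication time ever seen

    def learn(self, cert):
        self.certs.setdefault(cert.identity, set()).add(cert)
        self.newest[cert.identity] = max(self.newest.get(cert.identity, 0),
                                         cert.published)

    def has(self, cert):
        return cert in self.certs.get(cert.identity, set())

    def prune(self):
        # Runs "60 seconds later": drop everything older than the newest seen.
        for ident, held in self.certs.items():
            held.difference_update({c for c in held
                                    if c.published < self.newest[ident]})


def simulate(minutes=4):
    """Replay the ticket's scenario; returns one outcome per minute."""
    old = SigningCert("AD23D263206B997C73AF9B488322E91766748C2C",
                      "4335577168B0C0C22AC4A1A0707DD72F41CC8DA6", published=1)
    new = SigningCert(old.identity, "F" * 40, published=2)  # constructed future-dated cert
    authority, client = CertCache(), CertCache()
    for cache in (authority, client):
        cache.learn(old)
        cache.learn(new)   # the future-dated cert arrives ...
        cache.prune()      # ... and the real one is discarded
    authority.learn(old)   # the authority goes back to signing with `old`
    outcomes = []
    for _ in range(minutes):
        if client.has(old):
            outcomes.append("ok")
        elif authority.has(old):      # ask the next layer up
            client.learn(old)
            outcomes.append("fetched")
        else:
            outcomes.append("404")
        authority.prune()   # a minute passes; the "older" cert is thrown out everywhere
        client.prune()
    return outcomes


if __name__ == "__main__":
    print(simulate())                       # ['fetched', '404', '404', '404']
    print(repeated_fpsk_misses(SAMPLE_LOG))
```

The first minute succeeds because the authority still holds the cert it just went back to; after one prune nobody holds it, and the model never converges, which is exactly the once-a-minute 404 the ticket shows. `repeated_fpsk_misses` is the check to run over a real log: the same identity/signing pair recurring with 404s is the signature of this loop rather than a transient miss.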