[tor-bugs] #16530 [Tor]: uploaded a descriptor with a Ed25519 key but the <rsa, ed25519> keys don't match what they were before.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 9 16:24:20 UTC 2015
#16530: uploaded a descriptor with a Ed25519 key but the <rsa,ed25519> keys don't
match what they were before.
-------------------------+--------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: blocker | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-auth
Actual Points: | Parent ID:
Points: |
-------------------------+--------------------------------
Changes (by nickm):
* priority: normal => blocker
Comment:
This means that your authority believes that these two routers previously
had different Ed25519 keys to go with their RSA identity keys, and they
changed them. So it's rejecting the descriptors as hopeless.
Dgoulet ran into this on his relay.
There are a few possible explanations:
1. The operators of these routers accidentally deleted or replaced
ed25519 keys somehow. (''If this is the case, we should make these
accidents much harder to trigger.'')
2. There's a bug in the relay code that deletes or replaces the ed25519
key without the relay operator knowing. (''If this is the case, we need to
fix this before releasing 0.2.7.2-alpha or relays will fall off the
network'')
3. There's a bug in the authority key-pinning code that makes us think
the key changed when it didn't. (''If this is the case, we need to fix it
before too many authorities upgrade, or they will kick all the >=
0.2.7.2-alpha relays off the network'')
I'm calling this a blocker on 0.2.7.2-alpha, in case it's case 2 or case
3.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16530#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list