[tor-bugs] #16580 [Tor]: Reload keypins on SIGHUP? Or provide some other way to undo a single keypin?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 14 13:55:06 UTC 2015


#16580: Reload keypins on SIGHUP? Or provide some other way to undo a single
keypin?
--------------------------+--------------------------------
     Reporter:  nickm     |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor       |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:  #16530
       Points:            |
--------------------------+--------------------------------
Description changed by nickm:

Old description:

> Right now, there isn't a way to undo a buggy key-pin without stopping the
> authority, editing the keypin file, and restarting it.  Not good:
> authority operators shouldn't have to reboot just because we had a bug.
>
> We should fix this before we release 0.2.7.2-alpha.
>
> I see two options here.
>
> 1. Make it okay to edit the key-pinning journal on a running Tor.  That's
> not so great; we need to be able to append to it, and editors may have
> swap-file races with it.
> 2. Add a torrc option to unpin an existing key.  This would only need to
> be stuck into the torrc once; it would remove the pin, and allow a new
> key pin to occur.

New description:

 Right now, there isn't a way to undo a buggy key-pin without stopping the
 authority, editing the keypin file, and restarting it.  Not good:
 authority operators shouldn't have to reboot just because we had a bug.

 We should fix this before we release 0.2.7.2-alpha.

 I see ~~two~~four options here.

 1. Make it okay to edit the key-pinning journal on a running Tor.  That's
 not so great; we need to be able to append to it, and editors may have
 swap-file races with it.
 2. Add a torrc option to unpin an existing key.  This would only need to
 be stuck into the torrc once; it would remove the pin, and allow a new key
 pin to occur.
 3. No fix; hope that this situation never happens again; tell the
 authority ops to edit the keypinning file when they upgrade, or give them
 a script to do it.
 4. One-off fix: undo the pin in software for the two specific keypairs
 affected, and hope this never happens again.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16580#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

