[tor-bugs] #18812 [Tor]: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got CFECDDCA990E3EF7B7EC958B22441386B6B8D820.

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 15 15:51:53 UTC 2016 

#18812: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was
not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got
CFECDDCA990E3EF7B7EC958B22441386B6B8D820.
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_information
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  fallback, must-fix-before-028-rc,    |        Version:  Tor:
  easy                                           |  0.2.8.1-alpha
Parent ID:                                       |     Resolution:
 Reviewer:                                       |  Actual Points:
                                                 |         Points:  small
                                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 '''Fallback List Creation Fix'''

 The updateFallbackDirs.py script now logs a warning when a fallback's IP
 (v4 or v6) and ORPort (v4 or v6) match, but the key id does not.

 We can deal with these the same way we deal with added or missing IPv6
 addresses (or any other fallback detail change):
 * the script excludes the relay automatically because it doesn't match the
 whitelist entry exactly,
 * someone contacts the operator to confirm whether the change is permanent
 and will last 2 years,
 * if they are stable, we update the whitelist with the relay's new
 details.

 I added a commit to my branch fallbacks-201604-v9 which checks for key
 mismatches. I also upgraded any detail change from the whitelist to a
 warning. Looks like I have some other operators to contact about IPv4
 changes:

 {{{
 WARNING::6DE61A6F72C1E5418A66BFED80DFB63E4C77668F excluded: has it changed
 IPv4 from 85.25.138.93 to 91.121.84.137?
 WARNING::00C4B4731658D3B4987132A3F77100CFCB190D97 excluded: has OR
 81.7.17.171:443 changed fingerprint to
 CFECDDCA990E3EF7B7EC958B22441386B6B8D820?
 WARNING::00C4B4731658D3B4987132A3F77100CFCB190D97 excluded: has OR
 [2a02:180:1:1::517:11ab]:443 changed fingerprint to
 CFECDDCA990E3EF7B7EC958B22441386B6B8D820?
 WARNING::774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7 excluded: has it changed
 IPv4 from 188.166.123.212 to 188.166.133.133?
 }}}

 Fortunately, my mail client is good at searching for 40-character hex
 strings.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18812#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list