[tor-bugs] #18319 [Core Tor/Tor]: Exclude relays that don't match pinned RSA/Ed key pairs

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 31 15:59:29 UTC 2016


#18319: Exclude relays that don't match pinned RSA/Ed key pairs
-------------------------------------------------+-------------------------------
 Reporter:  teor                                 |          Owner:  andrea
     Type:  defect                               |         Status:  assigned
 Priority:  High                                 |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-ed25519-proto,                   |  Actual Points:
            nickm-deferred-20160905              |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:  SponsorU-can
-------------------------------------------------+-------------------------------

Comment (by nickm):

 Teor says:
 > I suggest that we email these operators (or these operators filtered by
 > some characteristic, like "bandwidth over 1MByte/second"), and let them
 > know their relay is misconfigured, and they will soon be excluded from the
 > consensus.

 IMO this is fine to do, but we need to explain it right.

 When we turn on pinning, the most recent journal entry will rule.  So a
 relay will only be excluded from the consensus if its most recently pinned
 Ed25519 key is not the one it uses.  So if somebody switched Ed keys once
 a few months ago, they won't get penalized here.  This only affects them
 if they are switching frequently, or if they switch keys again.

 The rule for relays becomes:
 {{{
 Always use the same Ed25519 identity with the same RSA identity.
 }}}
 So, don't switch one unless you also switch the other.  If you lose one,
 don't try to retain the other.

 Sebastian says:
 > One of these is a dirauth (dizum).

 We should probably make sure that whatever made Dizum change its ed25519
 key won't happen again.

 > How will this all work, by the way? My key pinning journal goes back one
 > year and has more entries than what is written above, including more than
 > just the dirauth above.

 Once key pinning is turned on, an authority will believe the latest entry
 for any given RSA key.  They will not accept a descriptor signed with that
 RSA identity key unless it also has the provided Ed25519 identity.  So it
 only affects the voting, not the consensus.

 > Should we maybe throw away all the journals and email those above
 > anyway, informing them that they would be excluded in the future if they
 > kept doing this?

 IMO we should not throw away the journals; they're all correct
 information.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18319#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
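
The "most recent journal entry will rule" behaviour described in the comment above, sketched as an added example that is not part of the original ticket and is not Tor's own code. The journal layout, the short identifiers and the function names are assumptions made for illustration.

```python
"""Illustrative model of RSA/Ed25519 key pinning where the latest entry wins."""

# Constructed journal, oldest entry first. Each line is "<RSA id> <Ed25519 id>".
# This layout and these ids are assumptions, not Tor's on-disk journal format.
SAMPLE_JOURNAL = """\
# relay A pins its first Ed25519 key
RSA-AAAA ED-1111
RSA-BBBB ED-2222
# relay A switched Ed25519 keys once, months ago
RSA-AAAA ED-3333
"""


def load_pins(journal_text):
    """Replay the journal in order; a later entry for an RSA id replaces earlier ones."""
    pins = {}
    for lineno, line in enumerate(journal_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"journal line {lineno}: expected 2 fields, got {len(fields)}")
        rsa_id, ed_id = fields
        pins[rsa_id] = ed_id  # the most recent entry rules
    return pins


def check_descriptor(pins, rsa_id, ed_id):
    """Classify a descriptor's identity pair as 'accept', 'reject' or 'unpinned'."""
    pinned = pins.get(rsa_id)
    if pinned is None:
        # No journal entry for this RSA id; the comment above does not cover this case.
        return "unpinned"
    return "accept" if pinned == ed_id else "reject"


if __name__ == "__main__":
    pins = load_pins(SAMPLE_JOURNAL)
    # Constructed descriptors: (RSA id, Ed25519 id) as a relay would present them.
    for rsa_id, ed_id in [
        ("RSA-AAAA", "ED-3333"),  # uses its most recently pinned key
        ("RSA-AAAA", "ED-1111"),  # went back to an older key
        ("RSA-AAAA", "ED-4444"),  # switched keys again
        ("RSA-BBBB", "ED-2222"),  # never switched
    ]:
        print(rsa_id, ed_id, check_descriptor(pins, rsa_id, ed_id))
```

Relay A's single past switch costs it nothing as long as it keeps presenting its latest pinned key; only a descriptor carrying a different Ed25519 identity for the same RSA identity is refused.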

