[tor-bugs] #20055 [Core Tor/Tor]: Remove relays that fail to rotate onion keys from the consensus

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 2 03:16:13 UTC 2016


#20055: Remove relays that fail to rotate onion keys from the consensus
------------------------------+-----------------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.2.???
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  torspec, 030-proposed
Actual Points:                |  Parent ID:
       Points:  2             |   Reviewer:
      Sponsor:                |
------------------------------+-----------------------------------
 On #7164, a cypherpunks notes that ~40 relays fail to rotate their onion
 keys. This should be addressed by identifying these relays, and adding
 them to the DirAuths' AuthDirInvalid or AuthDirReject lists.

 First, we need to update torspec/dir-spec.txt to say that relays SHOULD
 rotate their onion keys every 7 days, and MUST rotate them every N days.
 (I suggest 14 or 28.)

 Then we can modify DocTor to check for relays in the consensus that have
 had the same onion key for N days. (I think DocTor is the right place for
 this check.)

 This won't catch cases where relays repeat onion keys, but it will suffice
 to catch the most obvious misconfiguration - a read-only onion key file.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20055>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
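
The check proposed in the ticket (flag relays in the consensus that have had the same onion key for N days), sketched as an added example; it is not code from the ticket, DocTor, or Tor. The function name, the `(seen_at, fingerprint, onion_key)` input shape and the sample data are assumptions, and N = 28 is one of the values the ticket suggests.

```python
from datetime import datetime, timedelta, timezone

# Assumption: N = 28 days, one of the two values suggested in the ticket.
MAX_KEY_AGE = timedelta(days=28)

def stale_onion_keys(observations, max_age=MAX_KEY_AGE):
    """Return {fingerprint: first_seen} for relays in the latest snapshot
    whose onion key has been unchanged for at least max_age.

    observations: (seen_at, fingerprint, onion_key) tuples, one per relay
    per consensus snapshot (hypothetical input shape).
    """
    runs = {}  # fingerprint -> [onion_key, start of unbroken run, last_seen]
    latest = None
    for seen_at, fingerprint, onion_key in sorted(observations):
        latest = seen_at
        run = runs.get(fingerprint)
        if run is None or run[0] != onion_key:
            runs[fingerprint] = [onion_key, seen_at, seen_at]  # key changed
        else:
            run[2] = seen_at  # same key, extend the run
    # Only relays still present in the newest snapshot are reported.
    return {fp: start for fp, (_, start, last) in runs.items()
            if last == latest and latest - start >= max_age}

def build_sample(start, days=30):
    """Constructed data: one snapshot per day for three placeholder relays."""
    obs = []
    for d in range(days):
        t = start + timedelta(days=d)
        week = d // 7
        obs.append((t, "A" * 40, f"key-a-{week}"))      # rotates every 7 days
        obs.append((t, "B" * 40, "key-b-0"))            # never rotates
        obs.append((t, "C" * 40, f"key-c-{week % 2}"))  # repeats two old keys
    return obs

START = datetime(2016, 8, 1, tzinfo=timezone.utc)  # constructed date
SAMPLE = build_sample(START)

if __name__ == "__main__":
    for fp, first_seen in stale_onion_keys(SAMPLE).items():
        print(f"{fp} has used the same onion key since {first_seen:%Y-%m-%d}")
```

Relay `C` alternates between two old keys and is not reported, which is the limitation the ticket itself notes: the check only catches a key that never changes.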