[tor-bugs] #21107 [Core Tor/Tor]: 0.3.0.x dir auths enforcing ED identity keys: intended?

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 2 18:25:50 UTC 2017


#21107: 0.3.0.x dir auths enforcing ED identity keys: intended?
--------------------------+------------------------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.0.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by nickm):

 > So it looks like the dir auths are now enforcing whatever ED key they
 > saw from the relay earlier?

 So, this is happening *during the connection attempt*, not during the
 directory voting stage.  Because moria1 knows a descriptor with an Ed25519
 key for this relay, it expects to find that Ed25519 key when it connects.
 The same thing would happen to any other 0.3.0.1-alpha client trying to
 connect to this router using that descriptor.

 The difference with a directory authority is that it causes the
 reachability tests to reject this relay.

 I'm fine with this, personally -- we mean to turn key pinning on anyway,
 with #18319.

 > If so, is there anything we need to do to explain to current relays what
 > they need to do or not do?

 They need to make sure they only have one relay running with any given RSA
 key; see #18319 analysis.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21107#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

