[tor-bugs] #18319 [Core Tor/Tor]: Exclude relays that don't match pinned RSA/Ed key pairs

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 23 01:04:17 UTC 2017


#18319: Exclude relays that don't match pinned RSA/Ed key pairs
--------------------------------------------------------------------------
      Reporter:  teor
         Owner:  nickm
          Type:  defect
        Status:  closed
      Priority:  High
     Milestone:  Tor: 0.3.0.x-final
     Component:  Core Tor/Tor
       Version:
      Severity:  Normal
    Resolution:  implemented
      Keywords:  tor-ed25519-proto, nickm-deferred-20160905, review-group-15
 Actual Points:
     Parent ID:
        Points:  1
      Reviewer:
       Sponsor:  SponsorU-can
--------------------------------------------------------------------------

Comment (by teor):

 Just a reminder for when we deploy this code:

 Has anyone checked that each directory authority's current key pairs are
 pinned consistently by every other directory authority?

 When we ran into this issue in the test network, I had to delete the RSA
 and ed keys for the broken authority, and regenerate them (and then we had
 to update all the torrc authority lines). If this happened in the public
 network, we would have to update the tor source code.

 When the first authority deploys this code, we'll find some
 inconsistencies, but it will take a majority of authorities (ideally with
 consistent pairings) to affect the consensus.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18319#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

