[tor-bugs] #39 [Mixminion-Server]: Certificate rotation sometimes does not happen.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 4 19:19:51 UTC 2018 

#39: Certificate rotation sometimes does not happen.
------------------------------+-------------------------
 Reporter:  weasel            |          Owner:  nickm
     Type:  defect            |         Status:  closed
 Priority:  Low               |      Milestone:
Component:  Mixminion-Server  |        Version:  0.0.7
 Severity:  Normal            |     Resolution:  wontfix
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+-------------------------
Changes (by arma):

 * status:  assigned => closed
 * resolution:  None => wontfix


Old description:

> [Moved from bugzilla]
> Reporter: nickm at alum.mit.edu (Nick Mathewson)
>
> Description:
> Opened: 2004-06-06 21:54
>

>
> Sometimes, Mixminion servers become inoperable because they do not rotate
> their TLS certificates when they expire.
>
> The cause for this bug is unknown. The bug has existed since at least
> 0.0.6.
>
> You can tell that *another* server has come down with this bug because
> your log says something like:
>
> Jun 06 00:55:08.643 -0400 [WARN] Certificate error: Invalid certificate
> from 'lakshmi' at mixminion.pseudonymity.net:48099 (fd 9):
> Certificate has expired [at Jun  6 00:05:00 2004 GMT]. Shutting down
> connection.
>
> There are no such obvious signs on the failing server side, AFAIK.
>
> As a band-aid, I could make TLS certificates get roatated daily, no
> matter what.  (Right now, their rotation interval is tied to
> packet key rotation.)  This is probably the right thing to do, but before
> I do it, I want to understand why on earth it is happening.
>

> ------- Additional Comments From Nick Mathewson 2004-06-23 21:51 -------
>
> Actually, the diagnosis may be completely wrong.  Looking at
> ServerKeys.py, it seems like (by default)
> certificates only have 5 minutes of sloppiness on either side of their
> lifetime.  Thus, if anybody is
> skewed by more than 5 minutes, their certificate will be invalid for the
> amount of their clock skew.
>
> Hm... I'll up the interval for now, but I really need a way to detect
> relative skew.
>

> ------- Additional Comments From Nick Mathewson 2004-08-26 05:12 -------
>
> I think I might have it nailed now -- I changed the code to warn about
> clock skew when it downloads a directory, bumped up the
> skew tolerance, and rewrote the event scheduling code to be less clever
> and more obviously reliable.  I also improved the warning
> messages so we can find out how badly expired certs are expired.
>
> If anybody sees this problem when running CVS code, please let me know.
>
> [Automatically added by flyspray2trac: Operating System: All]

New description:

 [Moved from bugzilla]
 Reporter: nickm at alum.mit.edu (Nick Mathewson)

 Description:
 Opened: 2004-06-06 21:54



 Sometimes, Mixminion servers become inoperable because they do not rotate
 their TLS certificates when they expire.

 The cause for this bug is unknown. The bug has existed since at least
 0.0.6.

 You can tell that *another* server has come down with this bug because
 your log says something like:

 Jun 06 00:55:08.643 -0400 [WARN] Certificate error: Invalid certificate
 from 'lakshmi' at mixminion.pseudonymity.net:48099 (fd 9):
 Certificate has expired [at Jun  6 00:05:00 2004 GMT]. Shutting down
 connection.

 There are no such obvious signs on the failing server side, AFAIK.

 As a band-aid, I could make TLS certificates get roatated daily, no matter
 what.  (Right now, their rotation interval is tied to
 packet key rotation.)  This is probably the right thing to do, but before
 I do it, I want to understand why on earth it is happening.


 ------- Additional Comments From Nick Mathewson 2004-06-23 21:51 -------

 Actually, the diagnosis may be completely wrong.  Looking at
 ServerKeys.py, it seems like (by default)
 certificates only have 5 minutes of sloppiness on either side of their
 lifetime.  Thus, if anybody is
 skewed by more than 5 minutes, their certificate will be invalid for the
 amount of their clock skew.

 Hm... I'll up the interval for now, but I really need a way to detect
 relative skew.


 ------- Additional Comments From Nick Mathewson 2004-08-26 05:12 -------

 I think I might have it nailed now -- I changed the code to warn about
 clock skew when it downloads a directory, bumped up the
 skew tolerance, and rewrote the event scheduling code to be less clever
 and more obviously reliable.  I also improved the warning
 messages so we can find out how badly expired certs are expired.

 If anybody sees this problem when running CVS code, please let me know.

 [Automatically added by flyspray2trac: Operating System: All]

--

Comment:

 mixminion is dead; long live mixminion

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/39#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list