[tor-bugs] #27838 [Core Tor/Tor]: v3 onion service wrongly considers Invalid signature for service descriptor signing key: expired

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 18 16:44:09 UTC 2018


#27838: v3 onion service wrongly considers Invalid signature for service descriptor
signing key: expired
--------------------------+------------------------------------
 Reporter:  s7r           |          Owner:  dgoulet
     Type:  defect        |         Status:  accepted
 Priority:  High          |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by dgoulet):

 Ok after a discussion with asn, the right thing to do is to:

 1) Identify the mutable values within a descriptor that would need to be
 refreshed before uploading (for instance, revision counter). We already
 have several of these so we would also need to add the certificate
 creation so we always have a fresh cert. The time is rounded down to the
 hour so as to avoid the leak of when _exactly_ the descriptor is uploaded.

 2) Add such a function that refreshes all the mutable values before
 uploading.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27838#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
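
The refresh-before-upload approach from the comment above, sketched as an added example (not code from the ticket or from Tor's source). All `toy_*` names, the 3-hour certificate lifetime, the timestamps and the choice to refresh the revision counter by incrementing it are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define CERT_LIFETIME_SEC (3 * 3600)  /* constructed value, not Tor's */

typedef struct {
  uint64_t revision_counter;  /* mutable: refreshed before every upload */
  time_t cert_expires_at;     /* mutable: signing-key certificate expiry */
} toy_desc_t;

/* Round down to the hour so the cert does not reveal the exact upload time. */
static time_t round_down_to_hour(time_t t) { return t - (t % 3600); }

/* Stand-in for issuing a new signing-key certificate at time `now`. */
static void toy_issue_cert(toy_desc_t *d, time_t now) {
  d->cert_expires_at = round_down_to_hour(now) + CERT_LIFETIME_SEC;
}

/* Receiver-side check: an expired certificate invalidates the descriptor. */
static int toy_cert_is_valid(const toy_desc_t *d, time_t now) {
  return now < d->cert_expires_at;
}

/* Step 2 of the comment: refresh every mutable value right before upload. */
static void toy_refresh_mutable_fields(toy_desc_t *d, time_t now) {
  d->revision_counter++;  /* assumed refresh rule: increment */
  toy_issue_cert(d, now);
}

/* Returns 1 if the descriptor would be accepted at upload time. */
static int toy_upload(toy_desc_t *d, time_t now, int refresh_first) {
  if (refresh_first)
    toy_refresh_mutable_fields(d, now);
  return toy_cert_is_valid(d, now);
}

int main(void) {
  time_t built = 1539880000;              /* constructed build time */
  time_t upload = built + 4 * 3600 + 123; /* upload after the cert lifetime */
  toy_desc_t stale = {0, 0}, fresh = {0, 0};
  toy_issue_cert(&stale, built);
  toy_issue_cert(&fresh, built);
  printf("without refresh: %d\n", toy_upload(&stale, upload, 0));
  printf("with refresh:    %d\n", toy_upload(&fresh, upload, 1));
  printf("expiry on hour boundary: %d\n", fresh.cert_expires_at % 3600 == 0);
  return 0;
}
```

The descriptor whose certificate was issued only at build time fails the expiry check when uploaded later, while the refreshed one passes and its expiry still falls on an hour boundary.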

