[tor-relays] warning in my relay log (urras doing key-pinning)

[nusenu]

>> > I have changed server and tor version (from Tor 0.2.6.10 to Tor
>> > 0.2.7.5). My relay works but I have this warning:
>> > "http status 400 ("Looks like your keypair does not match its older
>> > value.") response from dirserver '208.83.223.34:443'. Please correct."
>> > This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2
>> > What means and what I have to do? The keys for me is correct.
> Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key (new).
> Your fingerprint is generated from the RSA key.
> Directory authorities ensure that each RSA key and ed25519 key pair only ever appear together.
> 
> Did you have an ed25519 key, and then delete it? (or fail to restore it from a backup?)
> Or perhaps there is a bug in the authority's handling of ed25519 key pairs.

dirauth 208.83.223.34 (urras) is running an outdated tor version that is
doing key-pinning. If urras upgrades to tor 0.2.7.3-rc this problem will
go away, since key-pinning has been disabled for now - see 0.2.7.x's
changelog: [1][2].

>   o Major features (Ed25519 keys, keypinning):
>     - The key-pinning option on directory authorities is now advisory-
>       only by default. In a future version, or when the AuthDirPinKeys
>       option is set, pins are enforced again. Disabling key-pinning
>       seemed like a good idea so that we can survive the fallout of any
>       usability problems associated with Ed25519 keys. Closes
>       ticket 17135.



[1] https://gitweb.torproject.org/tor.git/plain/ChangeLog
[2] https://trac.torproject.org/projects/tor/ticket/17135

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151123/2d398dc5/attachment.sig>