Opened 6 years ago

Closed 4 years ago

#11525 closed enhancement (not a bug)

Sanitize bridge descriptors containing old identity keys

Reported by: karsten Owned by:
Priority: Medium Milestone:
Component: Metrics/CollecTor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Proposal 230 adds support for relays and bridges to migrate from one identity key to another. A relay or bridge that uses this new feature switches to a new identity key and includes information about its old identity key in its server descriptor.

In particular, the following data will be included:

  • old RSA 1024 public identity key (not SHA-1 fingerprint),
  • date and time of migration, and
  • signature of date and time of migration and new identity key fingerprint, made with old identity key.

Sanitized bridge descriptors need to contain sanitized versions of these new fields. For example, we cannot include the full old public identity key, nor the old public identity key fingerprint. In general, we remove all crypto from sanitized bridge descriptors. Here's a suggestion of what we could include:

"old-rsa1024-id-fingerprint" SP FINGERPRINT SP ISO-TIME NL

We'll want to add support for parsing this field in metrics-lib.

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by karsten

Status: newneeds_information

Changing to needs_information until proposal 230 has been implemented and merged.

comment:2 Changed 4 years ago by iwakeh

Severity: Normal

Shouldn't this be closed for the same reason as #11526?

comment:3 Changed 4 years ago by karsten

Resolution: not a bug
Status: needs_informationclosed

Huh, yes. Closing. Thanks for pointing that out.

Note: See TracTickets for help on using tickets.