Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#16446 closed defect (fixed)

Update FTE bridge fingerprint

Reported by: kpdyer Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-gitian
Cc: gk, mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

One of the FTE bridges had a catastrophic failure and I had to rebuild it. Unfortunately, I couldn't find the right backups and the fingerprint has changed.

Can you please update the following in the Tor Browser

extensions.torlauncher.default_bridge.fte.1
extensions.torlauncher.default_bridge.fte-ipv6.1

from

old fingerprint: B629B0B607C8AC9349B5646C24E9D242184F5B6E

to

new fingerprint: FDC5BA65D93B6BCA5EBDF8EF8E4FA936B7F1F8E5

Thanks!

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by gk

Keywords: tbb-gitian added
Resolution: fixed
Status: newclosed

This made it into our 4.5.3 stable (16c6fa4a20e67cb34fc2e29680eca6e9fa890b2f) and 5.0a3 alpha builds (1d57b74a17a246b7e1e49eaa14a26c4824011298).

comment:2 Changed 4 years ago by asn

If we just change the fpr, isn't it the case that TBB users who use the previous stable version, will get a "we expected to get fpr X but we got fpr Y" message?

I guess we can tell them that they need to upgrade to the latest version anyway since there are exploitable browser vulnerabilities, but I hope they see this answer before they freak out.

comment:3 Changed 4 years ago by kpdyer

Users who use a previous stable version should (hopefully) not experience any problems. The TBB should just skip over that bridge and use the 2nd, 3rd, etc. bridge on the list. So, hopefully it shouldn't be a problem unless a user manually enters only this bridge with the old fingerprint.

The real failure here is that I didn't backup the bridge's keys, and the bridge had a complete failure. That would have averted this whole problem. Now, I've backed up the keys for all the bridges I run.

Given the circumstances, is that reasonable? I guess we could spin up the bridge on a new IP such that there isn't the fingerprint changed message. Would that be more user friendly?

Last edited 4 years ago by kpdyer (previous) (diff)
Note: See TracTickets for help on using tickets.