Opened 3 years ago

Last modified 5 months ago

#20969 assigned enhancement

Detect relays that don't update their onion keys every 7 days.

Reported by: dgoulet Owned by: gk
Priority: Medium Milestone:
Component: Core Tor Version:
Severity: Normal Keywords: network-health
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This is related to #20055 which would be an important thing to monitor for the health and security of the network.

There are multiple things here that can be or should be checked.

The onion-key field is an RSA key so DocTor will need to keep a persistent database of those over time (only used for TAP handshake).

The ntor-onion-key field also can be monitored the same as the RSA key.

If the ntor-onion-key-crosscert field is present, you'll get a timestamp for free in the certificate which should have the exp_field set to the last published time + 7 days.

In any case, a router SHOULD NOT have either a TAP or ntor onion key _more_ than 7 days as this is hardcoded in Tor. If they do, it could be another implementation but finding them would be good so we can warn/ask them to fix. Or better, detect bugs as well on tor implementation that could keep those for a longer time.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by teor

I wonder if a read-only DataDirectory (or keys directory) could cause this issue.
Let's ask the operators with this issue to help us work out why it happens.

comment:2 Changed 3 years ago by atagar

Hi David, just wanted to leave a quick note apologizing for not getting back to ya yet. This is on my radar - sadly along with a dozen other things. ;)

comment:3 Changed 3 years ago by atagar

Hmmm, on reflection actually not really sure of the ROI of writing this check. Not overly hard but would take me a few hours. Think I'm gonna need to say 'patches welcome' to this one. Sorry. :(

comment:4 Changed 5 months ago by atagar

Resolution: wontfix
Status: newclosed

comment:5 Changed 5 months ago by arma

Cc: gk added
Keywords: network-health added

letting gk know about this ticket so we can accumulate some scope guidance for the network health team.

comment:6 Changed 5 months ago by gk

Component: Core Tor/DocTorCore Tor
Resolution: wontfix
Status: closedreopened

Sounds like a thing we actually want to do. Re-opening for the time being. There is no network-health sub component yet (maybe we don't even want one), so leaving that one empty for now.

comment:7 Changed 5 months ago by gk

Status: reopenednew

I guess we should talk to the network team about prio and scope of this bug, though, given that this ticket "rotted" for 3 years.

Last edited 5 months ago by gk (previous) (diff)

comment:8 Changed 5 months ago by gk

Owner: changed from atagar to gk
Status: newassigned
Note: See TracTickets for help on using tickets.