Opened 3 years ago

Last modified 3 years ago

#20969 new enhancement

Detect relays that don't update their onion keys every 7 days.

Reported by: dgoulet Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/DocTor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This is related to #20055 which would be an important thing to monitor for the health and security of the network.

There are multiple things here that can be or should be checked.

The onion-key field is an RSA key so DocTor will need to keep a persistent database of those over time (only used for TAP handshake).

The ntor-onion-key field also can be monitored the same as the RSA key.

If the ntor-onion-key-crosscert field is present, you'll get a timestamp for free in the certificate which should have the exp_field set to the last published time + 7 days.

In any case, a router SHOULD NOT have either a TAP or ntor onion key _more_ than 7 days as this is hardcoded in Tor. If they do, it could be another implementation but finding them would be good so we can warn/ask them to fix. Or better, detect bugs as well on tor implementation that could keep those for a longer time.

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by teor

I wonder if a read-only DataDirectory (or keys directory) could cause this issue.
Let's ask the operators with this issue to help us work out why it happens.

comment:2 Changed 3 years ago by atagar

Hi David, just wanted to leave a quick note apologizing for not getting back to ya yet. This is on my radar - sadly along with a dozen other things. ;)

comment:3 Changed 3 years ago by atagar

Hmmm, on reflection actually not really sure of the ROI of writing this check. Not overly hard but would take me a few hours. Think I'm gonna need to say 'patches welcome' to this one. Sorry. :(

Note: See TracTickets for help on using tickets.