Opened 4 months ago

Closed 4 weeks ago

#22348 closed defect (implemented)

16 relays have mismatched rsa/ed keys currently

Reported by: arma Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: review-group-22
Cc: Actual Points:
Parent ID: Points:
Reviewer: dgoulet Sponsor:


Looking at lines from moria1's log for mismatched ed/rsa keys like this:

May 19 18:00:10.942 [info] dirserv_router_get_status(): Descriptor from router $BB119A5A4D5DA2BBB7B796ECC50E3C0F1D4FD910~onslaught at has an Ed25519 key, but the <rsa,ed25519> keys don't match what they were before.

There are sixteen relays currently that I'm rejecting the descriptors of:


A) We need to put up some documentation for them so they can know what we're enforcing and how to fix it. Right now all they're getting, if they look at their logs, is

May 23 17:06:10.976 [warn] http status 400 ("Looks like your keypair does not match its older value.") response from dirserver ''. Please correct.

which is not enough for them to guess what went wrong and what needs fixing.

B) For anecdotes, we should contact the operators of these 16, to try to get them to help us guess what went wrong such that they're in this situation now.

C) We should consider some plan for how to notice and contact future relay operators that fall into this trap. Otherwise we throw away relay volunteers, which is frustrating for them and bad for the network.

Child Tickets

Change History (12)

comment:1 Changed 4 months ago by teor

Milestone: Tor: 0.3.1.x-final

We need to do this before a majority of authorities key pin, which means the 0.3.1 timeframe.

comment:2 Changed 3 months ago by nickm

How about this for an improved message for A:

"Looks like your keypair has changed? This authority previously recorded a different RSA identity key for your Ed25519 identity key, or vice versa. Did you replace or copy some of your keys, but not others?"

comment:3 Changed 8 weeks ago by nickm

Owner: set to nickm
Status: newaccepted

comment:4 Changed 8 weeks ago by nickm

Status: acceptedneeds_review

I'd done the part that requires a tor change as ticket22348_031 in my public repository. No code changes, only a string.

comment:5 Changed 6 weeks ago by nickm

Keywords: review-group-22 added

comment:6 Changed 5 weeks ago by dgoulet

Status: needs_reviewneeds_information

I'm wondering, shouldn't we tell the user what to actually do if this message happens? Could we complement the message with a small guideline on what to do?

comment:7 Changed 4 weeks ago by nickm

Hm. Any ideas what that should say? The problem is that the right fix depends on the user's situation.

comment:8 Changed 4 weeks ago by dgoulet

Good question. There isn't really much options actually other than doing something like "rm keys/*" and restart tor? Or put back the backed up keys in keys/ ?

comment:9 Changed 4 weeks ago by nickm

Right. If you still have a matching pair of keys, you should restore them. But if you can't, you should remove your keys and start over with a new identity.

comment:10 Changed 4 weeks ago by nickm

Status: needs_informationneeds_review

I've tried to add a sentence in ticket22348_031 to say that. Better now?

comment:11 Changed 4 weeks ago by dgoulet

Reviewer: dgoulet
Status: needs_reviewmerge_ready

Great! Ack.

comment:12 Changed 4 weeks ago by nickm

Resolution: implemented
Status: merge_readyclosed

ok; merged!

Note: See TracTickets for help on using tickets.