Opened 3 months ago

#28095 new defect

dirauth key pinning can be bypassed sometimes?

Reported by: catalyst Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

It looks like sometimes key pinning can be bypassed. One example is in #27800, where it seems that an ed25519 key got shared between two relays (Or maybe that's two iterations of the same relay, where the operator rolled the RSA key but not the ed25519 key.)

Fixing this the "right" way might involve keeping multiple versions of a relay descriptor around, with metadata about which vote or consensus it goes with.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.