[tor-bugs] #18812 [Tor]: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got CFECDDCA990E3EF7B7EC958B22441386B6B8D820.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 15 15:11:45 UTC 2016
#18812: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was
not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got
CFECDDCA990E3EF7B7EC958B22441386B6B8D820.
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:
     Type:  defect                               |         Status:  needs_information
 Priority:  Medium                               |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                                  |        Version:  Tor: 0.2.8.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  fallback, must-fix-before-028-rc,    |  Actual Points:
            easy                                 |
Parent ID:                                       |         Points:  small
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* status: new => needs_information
* keywords: fallback => fallback, must-fix-before-028-rc, easy
* points: => small
* version: => Tor: 0.2.8.1-alpha
Comment:
'''Analysis'''
I suspect the operator changed keys (unnecessarily) in January:
https://lists.torproject.org/pipermail/tor-relays/2016-January/008466.html
This is unfortunate, as they only opted-in in December:
https://lists.torproject.org/pipermail/tor-relays/2015-December/008365.html
I emailed the operator to confirm the key change:
https://lists.torproject.org/pipermail/tor-relays/2016-April/009121.html
'''Fallback List Fix'''
This particular relay was excluded when I rebuilt the list of fallback
directories for 0.2.8-rc, as its key / IP combination doesn't match the
one in the whitelist.
See my branch fallbacks-201604-v9 on https://github.com/teor2345
Normally, we would have required a longer stability period (120 days), but
I had to reduce the stability period to 7 days, as no current released tor
version has the fix for #18050. We'll fix this for 0.2.9 in #18828. Of
course, this doesn't prevent operators changing keys in the future - it
just checks if they have in the past.
'''Fallback Check Fix'''
I have reopened #18177 to ask atagar to include ORPort and key checks in
the existing DocTor fallback directory checks.
'''Log Message Fix'''
I'm happy to make a fix to the log message in this ticket, and get it in
0.2.8.
Do you have a suggested "less scary" wording, arma?
I'd go with:
"[notice] The relay at IP:ORPort has changed its key from A to B. Trying a
different relay."
These messages will only occur on bootstrap, so I think it's ok to leave
them at notice.
But there may be a few if a few fallbacks change keys.
And Tails users will get them on every boot. Should we reduce them to
info?
Note that this wording and the change of log level will apply even if the
relay is a guard.
Is this what we want? Or should we change it only for the fallback case?
(We can do this, there are functions that tell us when we're
bootstrapping.)
If so, I'd say "info" for fallbacks, and "warn" for guards/authorities.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18812#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
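
Added example, not part of the ticket or of tor's own code: a Python triage script that parses the warning quoted in the ticket title and separates key mismatches for addresses pinned in a fallback list from all other mismatches. The `FALLBACKS` layout, the function names and the log timestamps are assumptions; the 192.0.2.10 and 198.51.100.7 entries and their fingerprints are constructed.

```python
import re

# Matches the warning quoted in the ticket title.
KEY_MISMATCH = re.compile(
    r"Tried connecting to router at (?P<addr>\d{1,3}(?:\.\d{1,3}){3}:\d+), "
    r"but identity key was not as expected: "
    r"wanted (?P<wanted>[0-9A-F]{40}) but got (?P<got>[0-9A-F]{40})"
)

# Hypothetical pinned list: "IP:ORPort" -> expected identity fingerprint.
# The first entry uses the values from the ticket; the second is constructed.
FALLBACKS = {
    "81.7.17.171:443": "00C4B4731658D3B4987132A3F77100CFCB190D97",
    "192.0.2.10:9001": "A" * 40,
}

# Constructed log lines (timestamps are made up).
SAMPLE_LOG = [
    "Apr 15 15:00:01.000 [notice] Bootstrapped 5%: Connecting to directory server",
    "Apr 15 15:00:02.000 [warn] Tried connecting to router at 81.7.17.171:443, "
    "but identity key was not as expected: wanted "
    "00C4B4731658D3B4987132A3F77100CFCB190D97 but got "
    "CFECDDCA990E3EF7B7EC958B22441386B6B8D820.",
    "Apr 15 15:00:03.000 [warn] Tried connecting to router at 198.51.100.7:9001, "
    "but identity key was not as expected: wanted "
    + "C" * 40 + " but got " + "D" * 40 + ".",
]

def parse_mismatch(line):
    """Return (addr, wanted, got) for a key-mismatch line, else None."""
    m = KEY_MISMATCH.search(line)
    return (m["addr"], m["wanted"], m["got"]) if m else None

def triage(log_lines, fallbacks):
    """Split mismatches into stale pinned fallbacks and everything else.

    stale: addr -> key now presented, where 'wanted' equals the pinned key.
    other: mismatches for unpinned addresses, left for manual review.
    """
    stale, other = {}, []
    for hit in filter(None, map(parse_mismatch, log_lines)):
        addr, wanted, got = hit
        if fallbacks.get(addr) == wanted:
            stale[addr] = got
        else:
            other.append(hit)
    return stale, other

if __name__ == "__main__":
    stale, other = triage(SAMPLE_LOG, FALLBACKS)
    print("pinned fallbacks with changed keys:", stale)
    print("other mismatches:", other)
```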