[tor-bugs] #18812 [Tor]: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got CFECDDCA990E3EF7B7EC958B22441386B6B8D820.

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 15 15:11:45 UTC 2016


#18812: [warn] Tried connecting to router at 81.7.17.171:443, but identity key was
not as expected: wanted 00C4B4731658D3B4987132A3F77100CFCB190D97 but got
CFECDDCA990E3EF7B7EC958B22441386B6B8D820.
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_information
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  fallback, must-fix-before-028-rc,    |        Version:  Tor:
  easy                                           |  0.2.8.1-alpha
Parent ID:                                       |     Resolution:
 Reviewer:                                       |  Actual Points:
                                                 |         Points:  small
                                                 |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  new => needs_information
 * keywords:  fallback => fallback, must-fix-before-028-rc, easy
 * points:   => small
 * version:   => Tor: 0.2.8.1-alpha


Comment:

 '''Analysis'''

 I suspect the operator changed keys (unnecessarily) in January:
 https://lists.torproject.org/pipermail/tor-relays/2016-January/008466.html
 This is unfortunate, as they only opted-in in December:
 https://lists.torproject.org/pipermail/tor-relays/2015-December/008365.html
 I emailed the operator to confirm the key change:
 https://lists.torproject.org/pipermail/tor-relays/2016-April/009121.html

 '''Fallback List Fix'''

 This particular relay was excluded when I rebuilt the list of fallback
 directories for 0.2.8-rc, as its key / IP combination doesn't match the
 one in the whitelist.
 See my branch fallbacks-201604-v9 on https://github.com/teor2345

 Normally, we would have required a longer stability period (120 days), but
 I had to reduce the stability period to 7 days, as no current released tor
 version has the fix for #18050. We'll fix this for 0.2.9 in #18828. Of
 course, this doesn't prevent operators changing keys in the future - it
 just checks if they have in the past.

 '''Fallback Check Fix'''

 I have reopened #18177 to ask atagar to include ORPort and key checks in
 the existing DocTor fallback directory checks.

 '''Log Message Fix'''

 I'm happy to make a fix to the log message in this ticket, and get it in
 0.2.8.

 Do you have a suggested "less scary" wording, arma?
 I'd go with:

 "[notice] The relay at IP:ORPort has changed its key from A to B. Trying a
 different relay."

 These messages will only occur on bootstrap, so I think it's ok to leave
 them at notice.
 But there may be a few if a few fallbacks change keys.
 And Tails users will get them on every boot. Should we reduce them to
 info?

 Note that this wording and the change of log level will apply even if the
 relay is a guard.
 Is this what we want? Or should we change it only for the fallback case?
 (We can do this, there are functions that tell us when we're
 bootstrapping.)
 If so, I'd say "info" for fallbacks, and "warn" for guards/authorities.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18812#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
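
The whitelist check and stability period described under "Fallback List Fix", as an added example that is not part of the original comment and is not the script used to build the fallback list. The Relay fields, function names, the stable_days values and the 192.0.2.x entries are constructed for illustration; only the 81.7.17.171:443 address and its two fingerprints come from the ticket.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    ip: str
    orport: int
    fingerprint: str      # identity key fingerprint, 40 hex characters
    stable_days: int = 0  # assumed field: days seen with this address and key

def normalize(fp):
    """Compare fingerprints case-insensitively and without spaces."""
    return fp.replace(" ", "").upper()

def select_fallbacks(whitelist, observed, min_stable_days=7):
    """Return (kept, excluded); excluded maps "ip:orport" to a reason."""
    by_addr = {(r.ip, r.orport): r for r in observed}
    kept, excluded = [], {}
    for w in whitelist:
        addr = f"{w.ip}:{w.orport}"
        seen = by_addr.get((w.ip, w.orport))
        if seen is None:
            excluded[addr] = "not seen at whitelisted address"
        elif normalize(seen.fingerprint) != normalize(w.fingerprint):
            # Same IP:ORPort, different identity key: the case in this ticket.
            excluded[addr] = (f"key changed: wanted {normalize(w.fingerprint)} "
                              f"but got {normalize(seen.fingerprint)}")
        elif seen.stable_days < min_stable_days:
            excluded[addr] = f"stable for only {seen.stable_days} days"
        else:
            kept.append(seen)
    return kept, excluded

# Constructed sample data. Only the first address and its fingerprints are
# taken from the ticket; everything else is made up for the example.
WHITELIST = [
    Relay("81.7.17.171", 443, "00C4B4731658D3B4987132A3F77100CFCB190D97"),
    Relay("192.0.2.10", 9001, "A" * 40),
    Relay("192.0.2.20", 9001, "B" * 40),
]
OBSERVED = [
    Relay("81.7.17.171", 443, "CFECDDCA990E3EF7B7EC958B22441386B6B8D820", 90),
    Relay("192.0.2.10", 9001, "a" * 40, 30),
    Relay("192.0.2.20", 9001, "B" * 40, 3),
]

if __name__ == "__main__":
    kept, excluded = select_fallbacks(WHITELIST, OBSERVED)
    print("kept:", [f"{r.ip}:{r.orport}" for r in kept])
    for addr, reason in excluded.items():
        print("excluded:", addr, "-", reason)
```

As the comment notes, a check like this only sees key changes that have already happened; raising min_stable_days to 120 narrows the list but does not stop a later change.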