On Tue, Feb 10, 2009 at 12:22:57PM -0600, Scott Bennett wrote: > I think we need a quick patch for this one. I just built and fired up > 0.2.1.12-alpha with no changes to torrc from what I had already. As soon > as exit requests came in, I saw (at INFO-level logging) that IP addresses are > now being logged as the exit connections are made, whereas in 0.2.1.7-alpha > and earlier, the port numbers appeared, but the IP addresses had been > scrubbed. > I tried adding "SafeLogging 1" to torrc in case the default had somehow gotten > changed, but that seemed to have no effect either.
Whoops. Thanks for the bug report. Karsten just fixed it in svn, and the fix will be included in the next development release. In general, production Tor relays should log at notice. Logging at info will slow them down. Also, I think there might be other info-level logs that aren't scrubbed properly -- we only made sure to do notice and warn and err. If somebody wants to walk through all the info-level logs and report others that are likely to be problems, that'd be great. > Also, during the startup, four of the messages were: > > Feb 10 11:42:12.795 [info] trusted_dirs_load_certs_from_string(): Adding > cached certificate for unrecognized directory authority with signing key > 2A9EABF158D0D4BFFA6C4A8EDC84A4F6487FCE9B > > These certainly *look* alarming. Is there a problem here, too? Any log message that we think you should find alarming will be notice or higher (usually warn or higher). Any log message that is info or lower we do not think you should find alarming. How's that? :) (I will grant that sometimes we screw up, so asking here isn't a crazy idea.) Directory mirrors need to cache and serve v3 key certificates for v3 directory authorities they don't recognize. That's because we might add a new v3 directory authority, and then clients would want to be able to learn its key certs from mirrors (even mirrors who haven't upgraded yet) in order to check signatures on the consensus. So yes, I think that's working as intended. All of that said, at some point we should teach clients to discard v3 certs from authorities they don't recognize. Otherwise they'll just sit around in the cached-certs file taking up space. I'll put that on the todo list. Thanks, --Roger

