Re: [tor-relays] warning in my relay log

2015-11-23 Thread Tim Wilson-Brown - teor 

> On 24 Nov 2015, at 01:54, DARKNET.IT  wrote:
> 
> I have changed server and tor version (from Tor 0.2.6.10 to Tor
> 0.2.7.5). My relay works but I have this warning:
> "http status 400 ("Looks like your keypair does not match its older
> value.") response from dirserver '208.83.223.34:443'. Please correct."
> This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2
> What means and what I have to do? The keys for me is correct.

Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key 
(new).
Your fingerprint is generated from the RSA key.
Directory authorities ensure that each RSA key and ed25519 key pair only ever 
appear together.

Did you have an ed25519 key, and then delete it? (or fail to restore it from a 
backup?)
Or perhaps there is a bug in the authority's handling of ed25519 key pairs.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Actions required after update?

2015-11-23 Thread kingqueen 
Much appreciated, thank you.

The apt-get dist-upgrade actually stopped and restarted the tor process itself.

Thank you


On November 23, 2015 5:31:50 AM GMT+00:00, Green Dream 
 wrote:
>> is there any action required for somebody running the relay
>> on a pretty bog-standard Ubuntu 12.04 Linux dedi?
>> other than sudo apt-get update && sudo apt-get dist-upgrade
>
>
>There is a new OfflineMasterKey feature you can read about here:
>
>
>https://lists.torproject.org/pipermail/tor-relays/2015-November/008190.html
>
>If you want to enable OfflineMasterKey read before upgrading. Otherwise
>I'd
>say go for it. Don't forget:
>
>sudo service tor restart
>
>You might see a prompt about a new torrc from the package update. I
>chose
>to keep my existing version. There was no noticeable change once the
>service was back up.
>
>
>
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Actions required after update?

2015-11-23 Thread Tim Wilson-Brown - teor 

> On 23 Nov 2015, at 16:31, Green Dream  wrote:
> 
> You might see a prompt about a new torrc from the package update. I chose to 
> keep my existing version. There was no noticeable change once the service was 
> back up.


Most relay operators won't want to replace their existing torrc, unless they 
want to start configuring their relay from scratch again.
The changes in the default torrc are aimed at new operators.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] warning in my relay log (urras doing key-pinning)

2015-11-23 Thread nusenu 
>> > I have changed server and tor version (from Tor 0.2.6.10 to Tor
>> > 0.2.7.5). My relay works but I have this warning:
>> > "http status 400 ("Looks like your keypair does not match its older
>> > value.") response from dirserver '208.83.223.34:443'. Please correct."
>> > This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2
>> > What means and what I have to do? The keys for me is correct.
> Your relay now has two keys: a RSA 1024-bit key (existing) and an ed25519 key 
> (new).
> Your fingerprint is generated from the RSA key.
> Directory authorities ensure that each RSA key and ed25519 key pair only ever 
> appear together.
> 
> Did you have an ed25519 key, and then delete it? (or fail to restore it from 
> a backup?)
> Or perhaps there is a bug in the authority's handling of ed25519 key pairs.

dirauth 208.83.223.34 (urras) is running an outdated tor version that is
doing key-pinning. If urras upgrades to tor 0.2.7.3-rc this problem will
go away, since key-pinning has been disabled for now - see 0.2.7.x's
changelog: [1][2].

>   o Major features (Ed25519 keys, keypinning):
> - The key-pinning option on directory authorities is now advisory-
>   only by default. In a future version, or when the AuthDirPinKeys
>   option is set, pins are enforced again. Disabling key-pinning
>   seemed like a good idea so that we can survive the fallout of any
>   usability problems associated with Ed25519 keys. Closes
>   ticket 17135.



[1] https://gitweb.torproject.org/tor.git/plain/ChangeLog
[2] https://trac.torproject.org/projects/tor/ticket/17135



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] keypair issue after backing up relay

2015-11-23 Thread Matlink 
Hi,
I'm running a tor relay. I once had some trouble about running it, and I
decided to reinstall tor via apt-get. Of course, it did erased all my
private and public keys, that I missed to backup before reinstalling tor.
Then I ran tor again, with the new identity. As I have a container
backup running every day, I was able to recover the erased private and
public keys, that I put them back.
I can run tor with my original identity, but the directory server is
saying me '[WARN] http status 400 ("Looks like your keypair does not
match its older value.")'.
How can I fix it ? I would like to keep the original identity, since I
had all the convenient flags and don't want to wait another couple of
weeks to get them back with a new identity.
Sincerly,

-- 
Matlink - Sysadmin matlink.fr
Sortez couverts, chiffrez vos mails : https://café-vie-privée.fr/
XMPP/Jabber : matl...@matlink.fr
Clé publique PGP : 0x186BB3CA
Empreinte Off-the-record : 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2



0x186BB3CA.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] keypair issue after backing up relay

2015-11-23 Thread Tim Wilson-Brown - teor 

> On 24 Nov 2015, at 10:14, Matlink  wrote:
> 
> Hi,
> I'm running a tor relay. I once had some trouble about running it, and I
> decided to reinstall tor via apt-get. Of course, it did erased all my
> private and public keys, that I missed to backup before reinstalling tor.
> Then I ran tor again, with the new identity. As I have a container
> backup running every day, I was able to recover the erased private and
> public keys, that I put them back.
> I can run tor with my original identity, but the directory server is
> saying me '[WARN] http status 400 ("Looks like your keypair does not
> match its older value.")'.
> How can I fix it ? I would like to keep the original identity, since I
> had all the convenient flags and don't want to wait another couple of
> weeks to get them back with a new identity.

Either replace your ed25519 master key from the backup, or wait until urras 
moves away from a version that does key pinning.
(In either case, the remaining authorities should accept your relay.)

See this thread for details:
https://lists.torproject.org/pipermail/tor-relays/2015-November/008217.html 


Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] keypair issue after backing up relay

2015-11-23 Thread Matlink 
Well thank you, in fact that is not an issue by my side.
Later ++


Le 24/11/2015 00:26, Tim Wilson-Brown - teor a écrit :
>
>> On 24 Nov 2015, at 10:14, Matlink > > wrote:
>>
>> Hi,
>> I'm running a tor relay. I once had some trouble about running it, and I
>> decided to reinstall tor via apt-get. Of course, it did erased all my
>> private and public keys, that I missed to backup before reinstalling tor.
>> Then I ran tor again, with the new identity. As I have a container
>> backup running every day, I was able to recover the erased private and
>> public keys, that I put them back.
>> I can run tor with my original identity, but the directory server is
>> saying me '[WARN] http status 400 ("Looks like your keypair does not
>> match its older value.")'.
>> How can I fix it ? I would like to keep the original identity, since I
>> had all the convenient flags and don't want to wait another couple of
>> weeks to get them back with a new identity.
>
> Either replace your ed25519 master key from the backup, or wait until
> urras moves away from a version that does key pinning.
> (In either case, the remaining authorities should accept your relay.)
>
> See this thread for details:
> https://lists.torproject.org/pipermail/tor-relays/2015-November/008217.html
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Matlink - Sysadmin matlink.fr
Sortez couverts, chiffrez vos mails : https://café-vie-privée.fr/
XMPP/Jabber : matl...@matlink.fr
Clé publique PGP : 0x186BB3CA
Empreinte Off-the-record : 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2



0x186BB3CA.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] (no subject)

2015-11-23 Thread 海洋 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] warning in my relay log

2015-11-23 Thread DARKNET.IT 
I have changed server and tor version (from Tor 0.2.6.10 to Tor
0.2.7.5). My relay works but I have this warning:
"http status 400 ("Looks like your keypair does not match its older
value.") response from dirserver '208.83.223.34:443'. Please correct."
This is my relay fingerprint: 59573AB90614D929360C7D9BCBF3313497A22AA2
What means and what I have to do? The keys for me is correct.
Thanks for reply

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays