Re: [tor-relays] keypair does not match its older value

2017-06-20 Thread teor 

> On 21 Jun 2017, at 08:25, Alexander Nasonov  wrote:
> 
> Roger Dingledine wrote:
>> On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote:
>>> I tried moving a tor relay with offline master key to a new host but
>>> something went wrong and it printed several warnings:
>>> 
>>> http status 400 ("Looks like your keypair does not match its older value.") 
>>> response from dirserver
>> 
>> This complaint happens when in the past you ran the relay with a given
>> RSA identity key and ED identity key, and now one of them has changed.
> 
> Indeed, that instance used to run with RSA key.
> 
>> Either move back to both of the original identity keys, or discard both
>> identity keys and start fresh.
> 
> I started fresh.

You need to start both your RSA and ED identity keys fresh at the same
time. You can not re-use any previous keys of any type with a new key.

Or you must re-use a pair of RSA and ED identity keys that were first
used together.

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org




signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] keypair does not match its older value

2017-06-20 Thread Alexander Nasonov 
Hi Roger,

Roger Dingledine wrote:
> On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote:
> > I tried moving a tor relay with offline master key to a new host but
> > something went wrong and it printed several warnings:
> > 
> > http status 400 ("Looks like your keypair does not match its older value.") 
> > response from dirserver
> 
> This complaint happens when in the past you ran the relay with a given
> RSA identity key and ED identity key, and now one of them has changed.

Indeed, that instance used to run with RSA key.

> Either move back to both of the original identity keys, or discard both
> identity keys and start fresh.

I started fresh.

> In theory (i.e. assuming no surprising bugs), updating your signing key
> should not be relevant here.

So, uploading a new signing key a bit early shouldn't be a problem,
right? In this case, I can change '1 month' to '33 days' in my cron.

Many thanks to your help!

-- 
Alex
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Exit notice in Spanish

2017-06-20 Thread ilv 
Hola,

I wanted to let you know that at derechos digitales we wrote a basic
tor exit notice in spanish. You can find it in [1] and a mirror in [2].
We look forward to receive feedback from the community to improve it
(content, ui, etc), hoping that it could be useful to other relay
operators. We have also added legal info of some countries. Feedback
and contributions in this matter are welcome as well :)

p.s.: someone on global-south list also told me about [3].

[1] https://0xacab.org/tortola/exit-notice
[2] https://github.com/derechosdigitales/tor-exit-notice
[3] https://github.com/chgans/tor-exit-notice
 
Saludos.
-i


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] keypair does not match its older value

2017-06-20 Thread Roger Dingledine 
On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote:
> I tried moving a tor relay with offline master key to a new host but
> something went wrong and it printed several warnings:
> 
> http status 400 ("Looks like your keypair does not match its older value.") 
> response from dirserver

This complaint happens when in the past you ran the relay with a given
RSA identity key and ED identity key, and now one of them has changed.

> What did I screw up and how to fix this problem if it happends again?

Either move back to both of the original identity keys, or discard both
identity keys and start fresh.

> I suspect it will happen again because I generate a new signing key more
> frequently than necessary. I create '15 days' key every week and upload
> it (over onion ssh connection). This scheme should be resistant to
> occasional upload failures but it's not clear which of the last three
> signing keys to use on restart. If passing the wrong key can bring down
> the relay I need to switch to a different scheme.

In theory (i.e. assuming no surprising bugs), updating your signing key
should not be relevant here.

(Thanks for running a relay!)

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] keypair does not match its older value

2017-06-20 Thread Alexander Nasonov 
Hi,

I tried moving a tor relay with offline master key to a new host but
something went wrong and it printed several warnings:

http status 400 ("Looks like your keypair does not match its older value.") 
response from dirserver

What did I screw up and how to fix this problem if it happends again?

I suspect it will happen again because I generate a new signing key more
frequently than necessary. I create '15 days' key every week and upload
it (over onion ssh connection). This scheme should be resistant to
occasional upload failures but it's not clear which of the last three
signing keys to use on restart. If passing the wrong key can bring down
the relay I need to switch to a different scheme.

I'm thinking about adding these commands to my crontab:

$ crontab -l
@weekly scp "${DESTDIR}/keys/ed25519_signing_cert" 
"${DESTDIR}/keys//ed25519_signing_secret_key" ${ONION:?}:
@monthly tor --hush --keygen --SigningKeyLifetime '1 month' "${DESTDIR:?}" && 
{{{scp command from the previous line}}}

Are there any potential problems with this approach (e.g. 28 days in Feb
vs 31 days in March)?

-- 
Alex
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] I would lime to poste on this list

2017-06-20 Thread Andree-anne Tremblay 
Tank you
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] sharing tor relay at night or working hours ? make sense ?

2017-06-20 Thread Petrusko 
It can be a cool feature !
In torrc file, like Transmission (torrent client) for example, you can
set up times with bandwidth ;)
Why not setting days too ?!
5 working days / week, hours, bandwidth used during those different hours...

As an example, the Transmission's web interface, where you can set up
easily those parameters :


Le 11/06/2017 à 16:29, Zalezny Niezalezny a écrit :
> Hi,
>
> I have 100mbit Up/Down connection at home. Most of the day, my
> connection is not use. Mostly between 22:00-17:00.
>
> I would like to share my Internet connection for Tor. If I will setup
> some crontabs to start/stop my tor relay between that hours, will it
> work ?  Does it make sense ? Will TOR network know that my relay is
> working only between 22:00 and 17:00 and will push some more traffic
> to me ?
>
> How to properly configure such a relay which is working only for a few
> hours per day ?
>
>
> Cheers
>
> Zalezny
>
> 
>   Virus-free. www.avast.com
> 
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays