Merge remote-tracking branch 'ffmancera-1/bug20522'

2018-05-01 10:43:40 -04:00 · 2018-05-01 10:43:40 -04:00 · 9ece027d60
parent d018bf199c 6ed2ad0f00
commit 9ece027d60
2 changed files with 11 additions and 4 deletions
--- a/changes/ticket20522
+++ b/changes/ticket20522
@ -0,0 +1,6 @@
+  o Deprecated features:
+    - As we are not recommending 0.2.5 anymore we require relays that once had
+      an ed25519 key associated with their RSA key to always have that key
+      instead of allowing them to drop back to a version that didn't support
+      ed25519. This means they need to use a new RSA key if the want to
+      downgrade to an older version of tor without ed25519. Closes ticket 20522.
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -259,11 +259,12 @@ dirserv_load_fingerprint_file(void)
 * identity to stop doing so.  This is going to be essential for good identity
 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
 * just sign fake descriptors missing the Ed25519 key.  But we won't actually
- * be able to prevent that kind of thing until we're confident that there
- * isn't actually a legit reason to downgrade to 0.2.5.  So for now, we have
- * to leave this #undef.
+ * be able to prevent that kind of thing until we're confident that there isn't
+ * actually a legit reason to downgrade to 0.2.5.  Now we are not recommending
+ * 0.2.5 anymore so there is no reason to keep the #undef.
 */
-#undef DISABLE_DISABLING_ED25519
+
+#define DISABLE_DISABLING_ED25519

 /** Check whether <b>router</b> has a nickname/identity key combination that
 * we recognize from the fingerprint list, or an IP we automatically act on