Skip to content

Making a signing cert in the future will make everybody discard your real signing cert and then want it again

Run an authority, with a normal signing authority_certificate. Then move your date into the future (has to be more than one week in the future), and generate and use another signing cert. Relays, clients, and other directory authorities will smoothly upgrade to your new one, and (barring issues like #11454 (moved)) throw out your old signing cert.

Then throw out your shiny new one, and go back to the one you had been using. Other Tors (dir auths, relays, clients) will say "oh hey, a signature from a cert I don't recognize, let me fetch that". So far so good.

Then 60 seconds later they'll discard this cert, because they know a newer one. Oops.

But this is where is gets good. Your authority discards this older cert too. So do other authorities. And relays.

And then everybody wants a copy and nobody has one, so every 60 seconds everybody asks the next layer up in the dir hierarchy. Everybody's logs are filled with

Apr 09 03:44:55.000 [warn] Received http status code 404 ("Not found") from server '127.0.0.1:3002' while fetching "/tor/keys/fp-sk/AD23D263206B997C73AF9B488322E91766748C2C-4335577168B0C0C22AC4A1A0707DD72F41CC8DA6".

each minute.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information