changing PublicKeyLifetime to smaller values isn't good
[Moved from bugzilla] Description: Opened: 2003-05-30 16:12
I had the default PublicKeyLifetime of 3 months and already had generated keys. Now I wanted to set it to a lower value (1 month or 1 week) but when I start the server I get the following:
Reading configuration from /home/minion/etc/mixminiond.conf
May 30 16:11:33.651 [DEBUG] Configuring server
May 30 16:11:33.651 [INFO] Starting server in the background
May 30 16:11:33.657 [INFO] Enabling statistics logging
May 30 16:11:33.659 [WARN] Directory /home is writable by group staff (mode 775)
May 30 16:11:33.661 [DEBUG] Syncing statistics to disk
May 30 16:11:33.662 [INFO] Statistics logging enabled
May 30 16:11:33.663 [INFO] Setting entropy source to '/dev/urandom'
May 30 16:11:33.665 [DEBUG] Initializing server
May 30 16:11:33.666 [DEBUG] Scanning server keystore at /home/minion/miniond/keys
May 30 16:11:33.671 [TRACE] Found key key_0001 (valid from 2003/05/30 to 2003/08/28)
May 30 16:11:33.671 [DEBUG] Found 1 keys.
May 30 16:11:33.672 [INFO] Last expiry at 2003/08/28 02:00:00; next keygen at 2003/08/11 13:00:00
May 30 16:11:33.673 [ERROR] Some generated keysets do not match current configuration...
May 30 16:11:33.673 [ERROR] Keyset 0001 (2003/05/30 02:00:00--2003/08/28 02:00:00):
May 30 16:11:33.674 [WARN] Published lifetime does not match PublicKeyLifetime
May 30 16:11:33.675 [WARN] (This problem will go away in a while).
May 30 16:11:33.678 [INFO] Regenerating descriptor for keyset 0001 (2003/05/30 02:00:00--2003/08/28 02:00:00)
May 30 16:11:33.733 [DEBUG] Disabling module MBOX
May 30 16:11:33.734 [INFO] Module DROP: enabled for types ['0x0']
May 30 16:11:33.734 [DEBUG] Disabling module SMTP
May 30 16:11:33.735 [DEBUG] Disabling module SMTP_MIX2
May 30 16:11:33.765 [FATAL] Exception while configuring server
May 30 16:11:33.771 [FATAL] Traceback (most recent call last):
  File "/home/minion/lib/python2.2/site-packages/mixminion/server/ServerMain.py", line 1045, in runServer
    server = MixminionServer(config)
  File "/home/minion/lib/python2.2/site-packages/mixminion/server/ServerMain.py", line 648, in __init__
    self.keyring.checkDescriptorConsistency()
  File "/home/minion/lib/python2.2/site-packages/mixminion/server/ServerKeys.py", line 172, in checkDescriptorConsistency
    ks.regenerateServerDescriptor(self.config, identity)
  File "/home/minion/lib/python2.2/site-packages/mixminion/server/ServerKeys.py", line 621, in regenerateServerDescriptor
    useServerKeys=1)
  File "/home/minion/lib/python2.2/site-packages/mixminion/server/ServerKeys.py", line 960, in generateServerDescriptorAndKeys
    assert ok
AssertionError
May 30 16:11:33.771 [FATAL] Shutting down because of exception: exceptions.AssertionError
------- Additional Comments From Nick Mathewson 2003-05-30 21:13 -------
The crash is a shallow logic error: the code double-checks that any new descriptors it generates must produce no consistency errors. I'm going to make an exception for public key lifetime, because (as the warning notes) we don't automatically propagate those changes.
Why not? Because once a descriptor is published, we want the set of keys to remain valid for as long as promised, so that reply blocks will continue to work. When you set a new PublicKeyLifetime, it applies to new keys, not to existing ones.
If you really want to go to a shorter lifetime, stop your server, edit PublicKeyLifetime, run 'mixminion server-DELKEYS', and restart the server.
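A minimal model of the behaviour described in the comment above, added here as an illustration and not taken from the Mixminion source or written by anyone in this thread. The `Keyset` class, the function names, the `exempt_lifetime` switch, the nickname and the 30-day value are all assumptions; only the key_0001 dates come from the log.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Keyset:  # hypothetical model of one published keyset
    name: str
    valid_after: datetime
    valid_until: datetime
    nickname: str

def mismatches(ks, config):
    """Return (must_fix, lifetime_only) differences between a keyset and config."""
    must_fix, lifetime_only = [], []
    if ks.nickname != config["Nickname"]:
        must_fix.append("nickname")
    if ks.valid_until - ks.valid_after != config["PublicKeyLifetime"]:
        lifetime_only.append("lifetime")
    return must_fix, lifetime_only

def regenerate(ks, config):
    # Re-issue the descriptor with current settings, but keep the keys and the
    # validity window already promised to clients holding reply blocks.
    return replace(ks, nickname=config["Nickname"])

def check_descriptor(ks, config, exempt_lifetime):
    must_fix, lifetime_only = mismatches(ks, config)
    if not (must_fix or lifetime_only):
        return ks
    new = regenerate(ks, config)
    must_fix, lifetime_only = mismatches(new, config)
    # Double-check of the regenerated descriptor. Without the exemption a
    # lifetime change can never pass, because regeneration keeps the old window.
    ok = not must_fix and (exempt_lifetime or not lifetime_only)
    assert ok
    return new

def next_keyset(last, config):
    # New keys start where the last keyset ends and use the configured lifetime.
    start = last.valid_until
    return Keyset("key_0002", start, start + config["PublicKeyLifetime"],
                  config["Nickname"])

# Constructed sample: dates from the log above; nickname and 30 days are assumed.
OLD = Keyset("key_0001", datetime(2003, 5, 30, 2), datetime(2003, 8, 28, 2), "example")
CONFIG = {"Nickname": "example", "PublicKeyLifetime": timedelta(days=30)}

if __name__ == "__main__":
    print(check_descriptor(OLD, CONFIG, exempt_lifetime=True))
    print(next_keyset(OLD, CONFIG))
```

With `exempt_lifetime=False` the same call raises `AssertionError`, which is the startup failure in the report.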
------- Additional Comments From Peter Palfrader 2003-05-30 21:18 -------
That a change of PublicKeyLifetime only affects new keys is probably The Right Thing. So for current keys the lifetime should stay the same and mixminion should start as usual.
------- Additional Comments From Nick Mathewson 2003-05-30 21:23 -------
Okay, the fix in CVS should solve it.
[Automatically added by flyspray2trac: Operating System: Linux]