obscure federation authentication failure

[richvdh]

matrix.org shows:

2017-03-20 14:50:08,108 - synapse.federation.transport.server - 174 - ERROR - GET-474391 - authenticate_request failed
Traceback (most recent call last):
  File "synapse/federation/transport/server.py", line 167, in new_func
SynapseError: 401: Invalid signature for server lowpolydev.de with key ed25519:a_Ftqq

for any request received over federation from lowpolydev.de.

lowpolydev.de is no longer using ed25519:a_Ftqq; inspecting requests received at sw1v.org suggest that it is using its current key (ed25519:a_pzkY) to sign things.

[ara4n]

is this not just that they changed their signing key, but the perspectives server is still emitting the old one for the next 24h until it times out and starts believing the new one?

[richvdh]

Don't think so. "Invalid signature for server lowpolydev.de with key ed25519:a_Ftqq" means "it was signed by a_Ftqq, but the signature didn't match". Nothing to do with where the key came from.

[ara4n]

hm. what if they lost their signing key, and created a new one, deliberately naming it with the same label as before? (hence the name being the same, but the wrong signature from the pov of the notary?)

[richvdh]

that wouldn't explain why matrix.org is complaining about an invalid signature with a_Ftqq, but everywhere else sees the signature as claiming to be by a_pzkY.

either lowpolydev.de is doing something different on matrix.org, or matrix.org is lying about the signature being by a_Ftqq.

[richvdh]

I hope this will be fixed by #2042, at least once that lands on matrix.org.

[emdete]

I have that error for contacting matrix.org (that's why i could not ask in the room first) since yesterday:

SynapseError: 401: Invalid signature for server matrix.org with key ed25519:auto

i upgraded and retried.

this only happens for room messages, not for p2p ones.

is there a way to manually clean the cache if its an cache problem?