<div dir="ltr"><div dir="ltr">FWIW, I don't think libp2p supports SECIO anymore. In fact the (go) repository has been archived: <a href="https://github.com/libp2p/go-libp2p-secio">https://github.com/libp2p/go-libp2p-secio</a> and there is no trace of SECIO in the current (go) implementation of libp2p.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 7 Dec 2021 at 19:33, Jeff Burdges <<a href="mailto:burdges@gnunet.org">burdges@gnunet.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
> On 7 Dec 2021, at 19:26, Jeff Burdges <<a href="mailto:burdges@gnunet.org" target="_blank">burdges@gnunet.org</a>> wrote:<br>
> I advise against allowing any libp2p cruft into tor itself though.<br>
<br>
Among the many reasons. I’d expect libp2p to be a nightmare of downgrade attacks, given the amount of badly rolled stuff they must still support, like their dangerous key exchange SECIO built on the legacy curve sep256k1, but it’ll go deep than that.<br>
<br>
Jeff<br>
_______________________________________________<br>
tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>
</blockquote></div></div>