s7r:
So, my opinion is to deprecate v2 entirely after a sane and reasonable transition period. Apologies to whom this will create headaches - technologically everything can be adjusted to v3 hidden services, it's just some work required -- it's not going to be fun but it's the clean way for the longer term future.
For what it's worth, we now have a social contract [1] that can help us evaluate such decisions.
In any case, v2 onion services are broken in several aspects. I think this is good to be advertised even more (point 5, being honest about limits). The outdated crypto primitives are not my main concerns. I think the fact that an HSDir can learn onion service addresses, refuse to serve them, or track connections is really bad.
Once v3 onion services are deployed, I believe the current set of problems in v2 conflict with social contract point 6, “we will never intentionally harm our users”. Having them continue to use a technology that doesn't deliver its initial promises when a better option is available feels like intentional harm to me.
YMMV, obviously, but I think this is a good framework for having a discussion. (Should we move this to -project? Not sure.)
[1]: https://blog.torproject.org/blog/tor-social-contract
[2]: https://blog.torproject.org/blog/hidden-services-need-some-love See “Attacks by Hidden Service Directory Servers”
-- Lunar <lunar@torproject.org>