Razvan Dragomirescu:
> Thank you Ivan! I still dont see a very good reason to _replace_ the
> current HS system with the one in Prop224 and not run the two in
> parallel.

For me it's because it would make overall system more complex and thus
error-prone and reasonably less secure. Is like using RC4, SHA1, 3DES in
TLS and be vulnerable downgrade attacks and all kind of stuff like
Sweet32 and LogJam (export-grade onions, haha).

> Why not let the client decide what format and security
> features it wants for its services?

It's like dealing with plethora of ciphers and hashes in GnuPG:

https://moxie.org/blog/gpg-and-me/:
> It’s up to the user whether the underlying cipher is SERPENT or IDEA
> or TwoFish. The GnuPG man page is over sixteen thousand words long;
> for comparison, the novel Fahrenheit 451 is only 40k words.

When system is complex in that way someone is going make huge
mistake(s). If crypto is bad, just put it into museum.

So I don't see _any_ reason to manage outdated and less secure system
while we have a better option (if we already deployed it).

--
Ivan Markin
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev