[tor-bugs] #28675 [Core Tor/Tor]: Deprecate standard cookie authentication
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 3 06:30:46 UTC 2018
#28675: Deprecate standard cookie authentication
----------------------------+----------------------------------
Reporter: wagon | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: technical-debt | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------+----------------------------------
Comment (by teor):
Replying to [comment:4 arma]:
> For more context, it looks like that sentence went into control-spec in
commit {{{c402bdfe}}} in Feb 2012.
>
> It looks like SAFECOOKIE went in during 0.2.2.x and 0.2.3.x, which is a
long time ago now.
So all supported Tor versions support SAFECOOKIE. (As of December 2018, we
support 0.2.9, and 0.3.3 and later.)
> Re timeframe, Nick said on #5185: "Removing it before 0.2.4.x-rc, yes"
>
> I think removing it any time now is a fine plan.
But we need to allow other apps time to transition.
I suggest that we warn in 0.3.5 (long-term support), and remove in 0.4.0.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28675#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list