[tor-dev] "old style" hidden services after Prop224
lunar at torproject.org
Tue Sep 13 16:06:00 UTC 2016
> So, my opinion is to deprecate v2 entirely after a sane and
> reasonable transition period. Apologies to whom this will create
> headaches - technologically everything can be adjusted to v3 hidden
> services, it's just some work required -- it's not going to be fun
> but it's the clean way for the longer term future.

For what it's worth, we now have a social contract that can help us
evaluate such decisions.

In any case, v2 onion services are broken in several aspects. I think
this is good to be advertised even more (point 5, being honest about
limits). The outdated crypto primitives are not my main concerns. I
think the fact that an HSDir can learn onion service addresses, refuse
to serve them, or track connections is really bad.

Once v3 onion services are deployed, I believe the current set of
problems in v2 conflicts with social contract point 6, “we will never
intentionally harm our users”. Having them continue to use a
technology that doesn't deliver its initial promises when a better
option is available feels like intentional harm to me.

YMMV, obviously, but I think this is a good framework for having a
discussion. (Should we move this to -project? Not sure.)

See “Attacks by Hidden Service Directory Servers”
Lunar <lunar at torproject.org>