[tor-dev] "old style" hidden services after Prop224

Lunar lunar at torproject.org
Tue Sep 13 16:06:00 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

s7r:
> So, my opinion is to deprecate v2 entirely after a sane and 
> reasonable transition period.  Apologies to whom this will create 
> headaches - technologically everything can be adjusted to v3 hidden
> services, it's just some work required -- it's not going to be fun
> but it's the clean way for the longer term future.

For what its worth, we now have a social contract [1] that can help us
evaluate such decisions.

In any cases, v2 onion services are broken in several aspects. I think
this is good be advertised even more (point 5, being honest about
limits). The outdated crypto primitives are not my main concerns. I
think the fact that an HSDir can learn onion service addresses, refuse
to serve them, or track connections is really bad.

Once v3 onion services are deployed, I believe the current set of
problems in v2 conflict with social contract point 6, “we will never
intentionally harm our users”. Having them continue to use a
technology that doesn't deliver its initial promises when a better
option is available feels like intentional harm to me.

YMMV, obviously, but I think this is a good framework for having a
discussion. (Should we move this to -project? Not sure.)

 [1]: https://blog.torproject.org/blog/tor-social-contract
 [2]: https://blog.torproject.org/blog/hidden-services-need-some-love
      See “Attacks by Hidden Service Directory Servers”

- -- 
Lunar                                             <lunar at torproject.org>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX2CPzAAoJEEAsIlA9Nuk2gB8P/3SsrOeKNGG0jIB1kyED2LTu
Nf47izPICYE+ekHljlUxnmMl7QgpQGAsvzVYQ9CXoPXn09oA7TyMlyWx0DSrUf6G
cLIGoDVljnHvzAjNADtc4k2vEvT5gmIeIk19OwVepvCnjwGbYb+yDJthQRJ0Tf8V
FZtwkDAEdLwfDpJIfUrgr5quPMLij+EjCDhzfuW7nv3JrHUcEe+AQogpFYjT/roX
4Zauj+T6OvAYMKgOzmpu36uoihWF4w/N6ITdBcAjFcZQXCKVenNAUH5TIXxshheb
3rVm92MnzhbMf3vGVhJWbrWGEFS7hhcshHSVIZC4KB4T5Pm8axr9XJ5X6OriS40J
LK22xht/yEcXxhCeVO3O8rg3Tvwszw/Dtqv3/6ArTuZ4YXxnbC3HR4S60ypYbVr+
yi/0Id+Coszyu/NYOTqyTP50DNctpveqZ4zalfCPKNFnXddsvPTN5TQNFyuFG/o+
onoPOaPmAVtKOEXn1dTiAc3ys4ZGSdLFIcO9M3y7bxal0rdqb7nfTBundHEX8+5R
Ah+IE9xRkEInRDEIYWCckVZ9FWCu5ycrM17KG2fenCvdjX84EoZSFPPAN/dDrKqB
YZZFdLsR27w9N9sMcgGGNjxZ1YrEZQO40vvj7uSpqqm/mrGkw8aWroYB/v+cmv1F
5apnB6W1drX+pBOMDYd8
=9Ya/
-----END PGP SIGNATURE-----

More information about the tor-dev mailing list