[tor-dev] Proposal 320: Removing TAP usage from v2 onion services

David Goulet dgoulet at torproject.org
Wed May 13 14:09:04 UTC 2020


On 11 May (16:47:53), Nick Mathewson wrote:

Hello!

> ```
> Filename: 320-tap-out-again.md
> Title: Removing TAP usage from v2 onion services
> Author: Nick Mathewson
> Created: 11 May 2020
> Status: Open
> ```
> 
> (This proposal is part of the Walking Onions spec project.  It updates
> proposal 245.)
> 
> # Removing TAP from v2 onion services
> 
> As we implement walking onions, we're faced with a problem: what to do
> with TAP keys?  They are bulky and insecure, and not used for anything
> besides v2 onion services.  Keeping them in SNIPs would consume
> bandwidth, and keeping them indirectly would consume complexity.  It
> would be nicer to remove TAP keys entirely.
> 
> But although v2 onion services are obsolescent and their
> cryptographic parameters are disturbing, we do not want to drop
> support for them as part of the Walking Onions migration.  If we did
> so, then we would force some users to choose between Walking Onions
> and v2 onion services, which we do not want to do.

I haven't read the entire proposal so I won't comment on its technical aspect.
I was reading and got here and that made me very uncertain about the whole
proposal itself.

I will propose that we revisit the overall idea of changing v2 here.

I personally think this is the wrong approach. Onion services v2 should be
deprecated as in removed from the network instead of being offered as a choice
to the users.

We haven't properly done a deprecation path yet for v2 primarly due to our
lack of time to do so. But at this point in time, where the network is 100%
composed of relays supporting v3 now (which took 3+ years to get there), it is
time for v2 to not be presented as a choice anymore.

It is a codebase that is barely maintained, no new features are being added to
it and thus moving it to ntor means another at least 3 years of network
migration. This would mean a major new feature in that deprecated code base...

So thus, I personally will argue that moving v2 to ntor is really not the
right thing to do. Onion service v2 are, at this point in time, _dangerous_
choice for the users.

Cheers!
David

-- 
A6ufpccBUu9sxu+cw0b1qX9hKnkXjLXyU5P1hxeBhsk=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20200513/64376681/attachment.sig>


More information about the tor-dev mailing list