On 11 May (16:47:53), Nick Mathewson wrote:

Hello!

> ```
> Filename: 320-tap-out-again.md
> Title: Removing TAP usage from v2 onion services
> Author: Nick Mathewson
> Created: 11 May 2020
> Status: Open
> ```
>
> (This proposal is part of the Walking Onions spec project. It updates
> proposal 245.)
>
> # Removing TAP from v2 onion services
>
> As we implement walking onions, we're faced with a problem: what to do
> with TAP keys? They are bulky and insecure, and not used for anything
> besides v2 onion services. Keeping them in SNIPs would consume
> bandwidth, and keeping them indirectly would consume complexity. It
> would be nicer to remove TAP keys entirely.
>
> But although v2 onion services are obsolescent and their
> cryptographic parameters are disturbing, we do not want to drop
> support for them as part of the Walking Onions migration. If we did
> so, then we would force some users to choose between Walking Onions
> and v2 onion services, which we do not want to do.

I haven't read the entire proposal so I won't comment on its technical aspect. I was reading and got here and that made me very uncertain about the whole proposal itself.

I will propose that we revisit the overall idea of changing v2 here.

I personally think this is the wrong approach. Onion services v2 should be deprecated, as in removed from the network, instead of being offered as a choice to the users.

We haven't properly done a deprecation path yet for v2, primarily due to our lack of time to do so. But at this point in time, where the network is 100% composed of relays supporting v3 now (which took 3+ years to get there), it is time for v2 to not be presented as a choice anymore.

It is a codebase that is barely maintained, no new features are being added to it, and thus moving it to ntor means another at least 3 years of network migration. This would mean a major new feature in that deprecated code base...

So thus, I personally will argue that moving v2 to ntor is really not the right thing to do. Onion services v2 are, at this point in time, a _dangerous_ choice for the users.

Cheers!
David

--
A6ufpccBUu9sxu+cw0b1qX9hKnkXjLXyU5P1hxeBhsk=
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev