teor wrote: >>> >>> How does ADD_ONION fit in? >> >> It's forward compatible by design, since you have to specify a key type >> when you handle key management, and Tor gets to do whatever it wants if >> you ask it to generate a key with the `BEST` algorithm. >> >> Assuming people who use it aren't explicitly asking for RSA1024, their >> apps will magically switch to using Ed25519 automagically one day, when >> their tor is updated. >> >> (People who expect `NEW:BEST` ADD_ONION-ed services to always give >> RSA1024 based HSes, should fix their code since the spec makes no >> guarantee that `BEST` will be RSA1024.) > > +1 > > (I've changed my opinion, adding a new command is pointless. > People who want the old ADD_ONION behaviour where BEST produces a v2 HS > can use an older version of Tor, until the software that makes > incorrect assumptions is updated.) > > T > I agree that this would be "the technical way" to do it, but real world usability kind of prevents us to do it this way. The spec for ADD_ONION indeed does not say that v2 hidden services will be supported forever and it clearly SHOULD NOT, but it also doesn't make much sense to abolish it at the first Tor release supporting v3 services (because if we make ADD_ONION == v3 (best) this is what we are doing). I don't think it's productive to ask users to already support a new feature upon our first release providing the said feature. To add some value on this point, I will bring into discussion a software that is widely used, produces significant rendezvous traffic and is important for some people: Bitcoin Core - latest versions detect if you use Tor and automatically use ADD_ONION to create v2 services, and, important: it doesn't support yet the v3 address types because of their length. This way people behind NAT running it can be better connected by accepting incoming connections without an open port, some people don't want their upstream provider to know they are using this app, etc. Example: my Bitcoin node (working as a dual stack both on clearnet and onion) has 146 total connections to peers, out of which onion: ~# sudo -u bitnode -i bitcoin-cli getpeerinfo | grep onion | wc -l 29
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev