
Re: [tor-talk] Onioncat and Tor Hidden Services V3

On 12/10/19, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> As a final note and as my personal opinion, I don't think onioncat
> support is gonna stop v2 deprecation. v2 addresses are 80-bit and can be
> literally brute-forced and impersonated with the current human
> technology, so their deprecation is already too late.

To be clear for users...

"deprecation" = arbitrary permanent forced shutdown and removal
of all v2 onions, use cases, applications, user preferences, etc therein.

As to "80-bit" and other v2 vs v3 differences not denoted above
(see "table" below), those aren't actually sufficient reasons
to kill v2, when, again, ...

From the perspective of users who select to use v2 pursuant
to evaluation of its features, tradeoffs, security, etc... v2 is
NOT a problem for them.

For example...

Bittorrent file distribution clouds operating entirely within
onionland (no exit).
BT protocol already rejects bad nodes, data that doesn't match
infohash, etc. Also such evaluation will have obviously noted that
BT over any overlay network is far more resistant to censorship
(even say to MAFIAA for those demonstrating the pointlessness of
Copyright Regimes), etc... than over clearnet. Comparatively speaking,
tor+OnionCat offers a huge win for BT users in some of those areas.
Other P2P protocols may have similar semantics, and enjoy similar
benefits... cryptocurrency, distributed filesystems, YouTube replacements,

VoIP... users already know the voice of their peer, the context
of convo, and other authentication keys. For general non-critical
casual usage... social convos among friends over tor using existing
softphone apps (utilizing: IPv6/UDP)... no one really cares. Being
able to run whatever apps they want over the general protections
afforded by any overlay network is more important.

There are many use cases in which any tradeoffs between
v2 and v3 regarding "80-bit" "presence" "harvesting" etc
are either 100% superseded by the need for IPv6/UDP
in the user's particular use case, or are further offset due
to the user's use case not needing such levels of security.
That choice is up to the users to make, not Tor.

Rather than arbitrarily killing v2, a better way to go is...

Set v3 to be the default and promoted version.
Bring v2 up to date as close as possible to v3 in
both code diffs and security design semantics.
Split out and modularize v2 wherever it may be entangled
with and holding up other code and design areas.
Provide an unbiased and complete comparison table of
all the v2 vs v3 tradeoffs, features, design, use cases.
Point v2 client and HSDir manpage sections to the table,
ship the table in the docs, onsite, etc.
Relay nodes can participate in supporting the onion
community via their role in v2 HSDir function as always.
Community of v2 could maintain v2 as a module if desired.

Alternatively, create a v4 that can integrate with or provide
what OnionCat does (network interface for raw IPv6 transport
including UDP support over tor onionland).

> work

Tor has a multi-$Million dollar budget, so that's
not much argument against v2 or anything else.
Especially compared to other similar and sized
projects with far less or no funds.

A side layer may develop.
Another overlay network may also do things.

Use cases and acceptable tradeoffs do exist for both v2 and v3.
While that remains the case, killing off either of them would
seem questionable.

Here are some fun use cases for tor, and other overlay networks,
that users are free to build, some of which may require OnionCat...



Have fun :)