[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Plan: dropping support for v1 directory protocol.



[Hi, folks.  This message also went to or-dev, but I think there are
some tool maintainers who aren't on that list.]

Hi, all!

As you probably know, Tor has had a few different directory protocols
in its lifetime.  The oldest one (the "v1 protocol") was pretty bad:
it took up a lot of bandwidth, and it made every authority into a
single point of failure.  The more recent protocol (the "v2 protocol") has
been fully supported since 0.1.1.8-alpha.

Unfortunately, there are still some tools that use v1 directories, and
there are still some clients (and even a few servers!) running
0.1.0.x.  This is bad for a number of reasons: The 0.1.0.x series has
not been supported for a while.  Tor 0.1.1.x has been stable for more
than a year now, and it has a lot of important security features that
are not supported in 0.1.0.x.  (These are features, not bugfixes, and
they can't be backported without basically replacing 0.1.0.x with
0.1.1.x.)

IMO, we are _not_ doing people a favor by keeping support for 0.1.0.x:
it is insecure, buggy, and old.

Thus, in a few months (say, on 1 August or 1 September), I propose
that we drop support for v1 directories.  The authorities, instead of
generating full v1 directories, will serve empty directories instead,
so that caches will not propagate stale information.  This will make
0.1.0.x clients download empty directories, and fail to build circuits
until their users upgrade to 0.1.1.x.

At the same time, there's another transition to make in directory
information: Check out proposal 104.  We're going to move the fields
"read-history" and "write-history" (which currently are only used by
some tools, and are not used by Tor iteself) into a separate
"extra-info" document that not everybody downloads.  This will cut
down on directory bandwidth, _a lot_, since those fields are very
expensive.

If you are maintaining a tool that uses v1 directories or the
*-history fields, you'll need to switch to use v2 directories and
extra-info documents.  I'll try to ease the transition as much as I
can, possibly by writing a script to cobble the contents of a Tor's
cache into some semblance of a v1 directory.

I'm not proposing this lightly; I really hate dropping support for old
versions.  Nevertheless, I think we need to do this soon: to limit the
bandwidth demands on directory servers; to continue to improve the
network's security; to avoid bloating our code with backward
compatibility hacks indefinitely; and to ensure that users running
ancient insecure software don't get hurt by it.

Please let me know if for some reason August 1 is too late for you; if
you've got compelling reasons, I'll push the date back to September 1.
Please also let me know if I'm being totally insane here.  :)

yrs,
-- 
Nick Mathewson

Attachment: pgpHUEQsbyn5v.pgp
Description: PGP signature