Re: [tor-dev] Interoperation with libp2p

Subject: Re: [tor-dev] Interoperation with libp2p

From: Ismail Khoffi <ismail.khoffi@xxxxxxxxx>

Date: Wed, 8 Dec 2021 02:49:41 +0100

Delivery-date: Tue, 07 Dec 2021 20:50:09 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=DAapWjobMZaDK3PQx803l4NQlWxmHNleu7yPm6y877A=; b=GfeADcU59YRlwgVfpgfSfWso2kyjVJsiGXUmTQnaGYH6XgyaPeztOOSlOi5Rfz6BvU 8XKapoe2esXkH/dIp08GzHjDiZVSIDH3ag48t0K5cmS/Z7sN10zdNc5DzA2DNmevOFtX 7eS07G1zEnzsIb6wEtmjqEOgzKSuQdc6cMgWfPAaBhCFy0bq15lG/6xfv1h2gxQOXgk7 pBNcsz71kZhbpch6K8E7O21xF1nPBMgobWQkh78zozit6oAT4SqoRA3vq1XBH2ElaZhr mDu11OaHRwh3EElO2L/SqiLXwghoHcixnuuzH8dZTiJ6tcZS6cMJ47nmRVUNrhcinV8c syhg==

In-reply-to: <4012D333-C6F6-4A34-A4EC-FB53D90A4634@gnunet.org>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAF8px54DmREiK-UAS0=tpR0UzQ37LmPwmM_uOzjHKgzBJxf4dA@mail.gmail.com> <B3F46347-E30C-4719-82C3-A4874CC5A374@gnunet.org> <4012D333-C6F6-4A34-A4EC-FB53D90A4634@gnunet.org>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

FWIW, I don't think libp2p supports SECIO anymore. In fact the (go) repository has been archived: https://github.com/libp2p/go-libp2p-secio and there is no trace of SECIO in the current (go) implementation of libp2p.

On Tue, 7 Dec 2021 at 19:33, Jeff Burdges <burdges@xxxxxxxxxx> wrote:

> On 7 Dec 2021, at 19:26, Jeff Burdges <burdges@xxxxxxxxxx> wrote:
> I advise against allowing any libp2p cruft into tor itself though.

Among the many reasons. I’d expect libp2p to be a nightmare of downgrade attacks, given the amount of badly rolled stuff they must still support, like their dangerous key exchange SECIO built on the legacy curve sep256k1, but it’ll go deep than that.

Jeff
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev