
Re: [tor-dev] prop224: What should we do with torrc options?



teor wrote:
>>>
>>> How does ADD_ONION fit in?
>>
>> It's forward compatible by design, since you have to specify a key type
>> when you handle key management, and Tor gets to do whatever it wants if
>> you ask it to generate a key with the `BEST` algorithm.
>>
>> Assuming people who use it aren't explicitly asking for RSA1024, their
>> apps will magically switch to using Ed25519 automagically one day, when
>> their tor is updated.
>>
>> (People who expect `NEW:BEST` ADD_ONION-ed services to always give
>> RSA1024 based HSes, should fix their code since the spec makes no
>> guarantee that `BEST` will be RSA1024.)
> 
> +1
> 
> (I've changed my opinion, adding a new command is pointless.
> People who want the old ADD_ONION behaviour where BEST produces a v2 HS
> can use an older version of Tor, until the software that makes
> incorrect assumptions is updated.)
> 
> T
> 

I agree that this would be "the technical way" to do it, but real world
usability kind of prevents us from doing it this way. The spec for ADD_ONION
indeed does not say that v2 hidden services will be supported forever
and it clearly SHOULD NOT, but it also doesn't make much sense to
abolish it at the first Tor release supporting v3 services (because if
we make ADD_ONION == v3 (best) this is what we are doing).

I don't think it's productive to ask users to already support a new
feature in our first release providing said feature.

To add some value on this point, I will bring into the discussion a piece
of software that is widely used, produces significant rendezvous traffic
and is important for some people:

Bitcoin Core - latest versions detect if you use Tor and automatically
use ADD_ONION to create v2 services, and, importantly, it doesn't yet
support v3 address types because of their length. This way people behind
NAT running it can be better connected by accepting incoming connections
without an open port, some people don't want their upstream provider to
know they are using this app, etc.

Example:
my Bitcoin node (working as a dual stack both on clearnet and onion) has
146 total connections to peers, out of which onion:

~# sudo -u bitnode -i bitcoin-cli getpeerinfo | grep onion | wc -l
29



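The point made in this thread (that `NEW:BEST` is whatever tor decides, so a client that can only store 16-character v2 addresses must ask for `RSA1024` explicitly) can be illustrated with a small control-port helper. The following is an added example written for this page, not code from Tor, Bitcoin Core or any thread participant. It builds an ADD_ONION command per the control-spec syntax, parses the `250-ServiceID=`/`250-PrivateKey=`/`250 OK` reply, and tells the two address versions apart by length. The sample replies, key blobs and the control-port password in `add_onion_live` are constructed placeholders; `add_onion_live` is only for a real tor and is not exercised offline.

```python
"""Helpers for ADD_ONION: build the request, parse the reply, check the address version."""
import re
import socket

# Constructed sample replies shaped like the control-spec reply to ADD_ONION.
# The ServiceIDs and key blobs are placeholders, not real onion services.
SAMPLE_V2_REPLY = [
    "250-ServiceID=abcdefghijklmnop",
    "250-PrivateKey=RSA1024:PLACEHOLDERKEYBLOB",
    "250 OK",
]
SAMPLE_V3_REPLY = [
    "250-ServiceID=" + "a" * 56,
    "250-PrivateKey=ED25519-V3:PLACEHOLDERKEYBLOB",
    "250 OK",
]

# KeyType:KeyBlob as accepted by ADD_ONION; NEW:BEST leaves the algorithm to tor.
KEY_SPEC_RE = re.compile(
    r"^(NEW:(BEST|RSA1024|ED25519-V3)|(RSA1024|ED25519-V3):[A-Za-z0-9+/=]+)$")

V2_ONION_LEN = len("abcdefghijklmnop.onion")   # 16 base32 chars + ".onion" = 22
V3_ONION_LEN = 56 + len(".onion")              # 62


def choose_key_spec(max_onion_len):
    """Pick a key spec for an application that can store at most max_onion_len
    characters of hostname. Only ask for BEST when the app can hold a v3 address;
    otherwise request RSA1024 explicitly instead of relying on BEST staying v2."""
    if max_onion_len >= V3_ONION_LEN:
        return "NEW:BEST"
    if max_onion_len >= V2_ONION_LEN:
        return "NEW:RSA1024"
    raise ValueError("no onion address fits in %d characters" % max_onion_len)


def build_add_onion(key_spec, ports, discard_pk=False):
    """Return the ADD_ONION command line. ports is a list of (virtport, target)
    where target may be None to let tor pick the default 127.0.0.1:virtport."""
    if not KEY_SPEC_RE.match(key_spec):
        raise ValueError("unsupported key spec: %r" % key_spec)
    if not ports:
        raise ValueError("at least one Port= argument is required")
    parts = ["ADD_ONION", key_spec]
    if discard_pk:
        parts.append("Flags=DiscardPK")
    for virtport, target in ports:
        parts.append("Port=%d,%s" % (virtport, target) if target else "Port=%d" % virtport)
    return " ".join(parts)


def parse_add_onion_reply(lines):
    """Turn the 250-Key=Value lines of a successful reply into a dict.
    Any line that is not a 250 continuation or 250 OK is treated as an error."""
    result = {}
    for line in lines:
        if line == "250 OK":
            return result
        if not line.startswith("250-"):
            raise RuntimeError("ADD_ONION failed: " + line)
        key, _, value = line[4:].partition("=")
        result[key] = value
    raise RuntimeError("reply ended without 250 OK")


def onion_version(service_id):
    """v2 ServiceIDs are 16 base32 characters, v3 ServiceIDs are 56."""
    if re.fullmatch(r"[a-z2-7]{16}", service_id):
        return 2
    if re.fullmatch(r"[a-z2-7]{56}", service_id):
        return 3
    raise ValueError("unrecognised ServiceID: %r" % service_id)


def add_onion_live(host, port, password, key_spec, ports):
    """Run ADD_ONION against a real control port using HashedControlPassword
    authentication (assumed; the password must not contain quotes or backslashes)."""
    with socket.create_connection((host, port)) as sock:
        f = sock.makefile("rw", newline="")   # keep CRLF untranslated
        f.write('AUTHENTICATE "%s"\r\n' % password)
        f.flush()
        if not f.readline().startswith("250"):
            raise RuntimeError("authentication failed")
        f.write(build_add_onion(key_spec, ports) + "\r\n")
        f.flush()
        lines = []
        while True:
            line = f.readline().rstrip("\r\n")
            lines.append(line)
            if not line.startswith("250-"):
                return parse_add_onion_reply(lines)


if __name__ == "__main__":
    spec = choose_key_spec(max_onion_len=22)   # an app limited to v2-length hostnames
    print(build_add_onion(spec, [(8333, "127.0.0.1:8333")]))
    sid = parse_add_onion_reply(SAMPLE_V2_REPLY)["ServiceID"]
    print(sid, "is a v%d address" % onion_version(sid))
```

The length check is the same one an application would need before it can safely switch from `NEW:RSA1024` to `NEW:BEST`: once every place that stores or parses the hostname accepts 62 characters, `BEST` can be used and the app follows whatever tor generates.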
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev