On 11/24/2016 2:24 AM, Jesse V wrote: > On 11/23/2016 07:04 PM, Yawning Angel wrote: >> Our fix: "Add another command, that does essentially the same thing, >> because people picked the wrong options, then later deal with the >> fallout from people getting used to the temporary command, and crying >> when it's deprecated." >> >> I say "they should fix their code". > > This issue with incorrect implementations reminds me of the > compatibility issues that cause issues with new SSL/TLS standards. These > implementations led to compatibility workarounds that introduced > security issues that had to be eventually fixed by TLS_FALLBACK_SCSV. > > It's not our problem if their code breaks because they made incorrect > assumptions regarding the standard. The polite thing would be to submit > a patch so that Bitcoin nodes can update before we make the change. > > -- > Jesse > Right, which is why I have already submitted just now all the relevant details and I'll keep an eye that everyone is compatible with both v2 and v3 for the transition period to also maintain working configurations. Given that I filed it now, this should give sufficient time to be ready until our first release supporting v3. To be frank, the spec linked to me by teor for ADD_ONION clearly states the difference between :BEST and :RSA1024 so Yawning was right from the first place.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev