Re: [tor-dev] Onion Service v2 Deprecation Timeline
Quoting Alec Muffett (2020-06-16 14:10:24) >On Tue, 16 Jun 2020 at 12:15, meskio <[1]mes...@sindominio.net> wrote: > > I'm wondering if it will make sense to use Onion-Location in V2 onion > services > to advertise the V3 onion. So existing known V2 services can use it to > upgrade > their users to V3. > > AFAIK right now tor-browser ignores the Onion-Location header if is > already > coming from an onion service. Will it make sense to stop ignoring it at > least > for V2 onion services? > >Or the site could just issue a Location header and/or explicit redirect to >the v3 service? >After all, if the v2 site is compromised to the point where that's a >problem, then there are larger issues / "game over", etc. True, I agree I don't see much value added to do the Onion-Location instead of just doing a redirect. I guess this is a better way of upgrading users. -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan. signature.asc Description: signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Onion Service v2 Deprecation Timeline
On Tue, 16 Jun 2020 at 12:15, meskio wrote: > I'm wondering if it will make sense to use Onion-Location in V2 onion > services > to advertise the V3 onion. So existing known V2 services can use it to > upgrade > their users to V3. > > AFAIK right now tor-browser ignores the Onion-Location header if is > already > coming from an onion service. Will it make sense to stop ignoring it at > least > for V2 onion services? > Or the site could just issue a Location header and/or explicit redirect to the v3 service? After all, if the v2 site is compromised to the point where that's a problem, then there are larger issues / "game over", etc. -a -- http://dropsafe.crypticide.com/aboutalecm ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Onion Service v2 Deprecation Timeline
Quoting Georg Koppen (2020-06-16 11:15:46) > Roger Dingledine: > > On Mon, Jun 15, 2020 at 12:34:17PM -0400, David Goulet wrote: > >> 1) September 15th, 2020 > >> 0.4.4.x: Tor will start warning onion service operators and clients > >> that > >> v2 is deprecated and will be obsolete in version 0.4.6 > > > > Thanks David. "Late 2020" is also a good timeframe for Tor Browser to > > learn how to warn users when they visit a v2 onion service. > > > > That is, we can't just change the underlying Tor proxy program to write > > warnings in a log file. We need to improve the user flow for popular > > Tor-using apps, starting with Tor Browser and maybe continuing to other > > common Tor-using apps we appreciate such as Brave. > > > > I recognize that the Tor Browser dev team has their hands full with > > keeping up with Mozilla's changes while trying to improve things for > > mobile while having not enough funded developers for those tasks. All > > the more reason to highlight this need early, and to do as much of the > > supporting design/planning/strategy work as we can in other teams like > > the UX team. > > I just Created > > https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40001 > > (via email, yes, you don't need to click around anymore in a GUI to do > this kind of thing ;)). I'm wondering if it will make sense to use Onion-Location in V2 onion services to advertise the V3 onion. So existing known V2 services can use it to upgrade their users to V3. AFAIK right now tor-browser ignores the Onion-Location header if is already coming from an onion service. Will it make sense to stop ignoring it at least for V2 onion services? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan. signature.asc Description: signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Onion Service v2 Deprecation Timeline
Roger Dingledine: > On Mon, Jun 15, 2020 at 12:34:17PM -0400, David Goulet wrote: >> 1) September 15th, 2020 >> 0.4.4.x: Tor will start warning onion service operators and clients that >> v2 is deprecated and will be obsolete in version 0.4.6 > > Thanks David. "Late 2020" is also a good timeframe for Tor Browser to > learn how to warn users when they visit a v2 onion service. > > That is, we can't just change the underlying Tor proxy program to write > warnings in a log file. We need to improve the user flow for popular > Tor-using apps, starting with Tor Browser and maybe continuing to other > common Tor-using apps we appreciate such as Brave. > > I recognize that the Tor Browser dev team has their hands full with > keeping up with Mozilla's changes while trying to improve things for > mobile while having not enough funded developers for those tasks. All > the more reason to highlight this need early, and to do as much of the > supporting design/planning/strategy work as we can in other teams like > the UX team. I just Created https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40001 (via email, yes, you don't need to click around anymore in a GUI to do this kind of thing ;)). Georg signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Onion Service v2 Deprecation Timeline
On Mon, Jun 15, 2020 at 12:34:17PM -0400, David Goulet wrote: > 1) September 15th, 2020 > 0.4.4.x: Tor will start warning onion service operators and clients that > v2 is deprecated and will be obsolete in version 0.4.6 Thanks David. "Late 2020" is also a good timeframe for Tor Browser to learn how to warn users when they visit a v2 onion service. That is, we can't just change the underlying Tor proxy program to write warnings in a log file. We need to improve the user flow for popular Tor-using apps, starting with Tor Browser and maybe continuing to other common Tor-using apps we appreciate such as Brave. I recognize that the Tor Browser dev team has their hands full with keeping up with Mozilla's changes while trying to improve things for mobile while having not enough funded developers for those tasks. All the more reason to highlight this need early, and to do as much of the supporting design/planning/strategy work as we can in other teams like the UX team. --Roger ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev