[tor-dev] Onion Service v2 Deprecation Timeline

David Goulet dgoulet at torproject.org
Mon Jun 15 16:34:17 UTC 2020


Greetings everyone!

I will try to make this quick. Deprecation of v2 has already been discussed on
this list [0] and so this is not about re-creating this discussion but rather
giving you the Tor Project timeline for v2 deprecation.

To very quickly summarize why we are deprecating, in one word: Safety. Onion
service v2 uses RSA1024 and 80 bit SHA1 (truncated) addresses [1]. It also
still uses the TAP [2] handshake which has been entirely removed from Tor for
many years now _except_ v2 services. Its simplistic directory system exposes
it to a variety of enumeration and location-prediction attacks that give HSDir
relays too much power to enumerate or even block v2 services. Finally, v2
services are not being developed nor maintained anymore. Only the most severe
security issues are being addressed.

That being said, the deprecation timeline is now quite simple because v3 has
reached a good maturity level:

  * v3 has been the default since Tor 0.3.5.1-alpha.
  * v3 is feature parity with v2.
  * v3 now has Onion Balance support [3]
  * Entire network supports v3 since the End-of-Life of 0.2.9.x series earlier
    this year.

The deprecation to obsolescence timeline:

  1) September 15th, 2020
     0.4.4.x: Tor will start warning onion service operators and clients that
              v2 is deprecated and will be obsolete in version 0.4.6

  2) July 15th, 2021
     0.4.6.x: Tor will no longer support v2 and will be removed from the code
              base.

  3) October 15th, 2021
     We will release new stable versions for all supported series that will
     disable v2.

This effectively means that from _today_ (June 11th 2020), the Internet has
around 15 months to migrate from v2 to v3 once and for all.

We plan to publish a blog post in the coming days/weeks about this
deprecation, in order to inform as many users as possible. It will include the
reasons why, how to migrate and the timeline.

We'll probably run into some difficulties here; no matter how prepared we
think we are, we find that there are always more surprises. Nonetheless, we'll
do our best to fix problems as they come up, and try to make this process as
smooth as possible.

Good Luck!
The tor maintainers.

[0] https://lists.torproject.org/pipermail/tor-dev/2018-April/013097.html
[1] https://shattered.io/
[2] https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1084
[3] https://blog.torproject.org/cooking-onions-reclaiming-onionbalance

-- 
262Gy/4o+HGG/7ELoDp1drRojN33l7AZaBoRHN6mjXY=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20200615/3b211f40/attachment.sig>


More information about the tor-dev mailing list