Opened 5 years ago

Closed 5 years ago

#13286 closed enhancement (implemented)

Drop --disable-curve25519 ?

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.6.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We added curve25519 back in 0.2.4. It's proven pretty safe and reliable since then, and I think we'd agree that it's much more cryptographically secure than RSA-1024/DH-1024 TAP.

Is there any reason to keep the ability to disable curve25519 support?

Child Tickets

Change History (10)

comment:1 Changed 5 years ago by arma

Sounds good to me.

That said, there were people who are scared of ECC and still want to use TAP. Does dropping the ability to disable curve25519 support imply dropping the ability to ask Tor to use TAP?

comment:2 Changed 5 years ago by nickm

I guess we could add an option to make Tor clients not use ntor circuit-extension handshakes? I wouldn't expect it to get much more testing than --disable-curve25519, though.

Fundamentally, I don't think these people are asking for a reasonable thing. TAP-1024 (if I may coin a usage) is just not a cryptographicly good option IMO. OTOH, a "TAP-4096" would be really slow, and probably not a great usage of our time to implement.

comment:3 Changed 5 years ago by arma

So the answer is "right now, the only way to use tap rather than ntor is to compile your Tor yourself, using this funky configure option"?

And removing the --disable-curve25519 option would let us rip out the TAP client-side?

Sounds good to me.

If we were extra-conscientious, we would send a short note somewhere telling people that it's happening, so we can be more transparent about these decisions. But I'm not sure there is a good venue for such short notes anymore -- tor-talk used to be it but now it's too full.

comment:4 Changed 5 years ago by nickm

And removing the --disable-curve25519 option would let us rip out the TAP client-side?

Well, we can only rip out TAP client-side once every server supports ntor. Right now, servers that were built with --disable-curve25519 don't provide ntor; and servers running 0.2.3 don't provide ntor.

comment:5 Changed 5 years ago by Sebastian

We could make curve25519 a requirement for servers dirauth-side much earlier before they naturally die out, which might make sense here.

comment:6 Changed 5 years ago by Sebastian

In fact, we should just write a script now to see how many servers are on a version past 0.2.3 and don't have curve25519

comment:7 Changed 5 years ago by arma

Good idea -- we should work towards having no relays in the network that set --disable-curve25519.

comment:8 Changed 5 years ago by nickm

Should we drop 0.2.4 without ntor before we drop 0.2.3? It doesn't seem any worse.

(I agree that we should see if there are significant numbers of routers on >=0.2.4 without ntor, so we can contact them to ask what's up.)

comment:9 Changed 5 years ago by Sebastian

Status: newneeds_review

Please see branch bug13286 in my repo for an implementation to drop the configure option in 0.2.6

comment:10 Changed 5 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

lgtm; merged!

Note: See TracTickets for help on using tickets.