Opened 18 months ago

Last modified 14 months ago

#25955 new enhancement

onion v2 deprecation plan

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, prop224-extra
Cc: asn, dmr Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

come up with a plan and timeline to deprecate onion v2 services.

This should be the meta ticket for all ticket that need to be solved before we can deprecate onion v2 services.

  • What are the required milestones?
  • What tools depend on onion v2 services?

(random) tentative deprecation date : 2023-12-31

maybe announce it as a tentative date so people depending on onion v2 can speak up about there needs sooner rather than later.

George Kadianakis (asn) wrote:
(https://lists.torproject.org/pipermail/tor-dev/2018-April/013107.html )
The first actual step to v2 deprecation, is to make v3 the default
version. But to get there, we first need to solve various bugs and
issues with the current v3 system (#25552, #22893, #23662, #24977,
etc.). We also need to implement various needed features, like offline
keys (#18098), client-authorization (#20700 ; WIP https://github.com/torproject/tor/pull/36),
control port commands like HSFETCH (#25417) and revive onionbalance for
v3. We might also want to consider possible improvements to the UX of
long onion names (like #24310) (https://blog.torproject.org/cooking-onions-names-your-onions).

After we do most of the above, we can turn the switch to make v3 the
default, and then we need to wait some time for most of the users to
migrate from v2 to v3. After that we can initiate the countdown, and
eventually deprecate v2s for real.

It's hard to provide an actual timeline for the above right
now. However, we are currently applying for some onion-service-related
grants, and hopefully if we get them we will have the funding to
accelerate the development pace.

Child Tickets

TicketTypeStatusOwnerSummary
#20700enhancementclosedhaxxpopprop224: Implement standard client authorization
#24880defectclosedtraumschuleUpdate onion service instructions to use next-gen onion services
#25096taskassignedBump up NumNTorsPerTAP to squeeze out v2 onion service traffic?
#26168enhancementnewRename HSDir consensus flag to OnionDir
#29802defectnewDocument the v3 onion service key files in the tor man page

Change History (10)

comment:1 Changed 18 months ago by atagar

Thanks cypherpunks! Glad we finally have a tracking issue for this. :)

comment:2 Changed 18 months ago by cypherpunks

Cypherpunks, as anyone can see with a moment's thought, to "deprecate" v2 HS would greatly harm the large numbers of Tor users who use them, something Torproject has rightly promised in public not to ever do and should be happy to be held to that promise. So in the absence of a seamless upgrade path allowing users to continue with the same keys and .onion hostnames, it isn't happening in the foreseeable future.

comment:3 Changed 18 months ago by teor

A cypherpunks just added a bunch of tickets as child tickets.
Isis and I have removed the least relevant ones.

Can someone check if you want #18098 and #25417?

comment:4 Changed 18 months ago by asn

Cc: asn added

comment:5 in reply to:  3 Changed 18 months ago by dgoulet

Replying to teor:

A cypherpunks just added a bunch of tickets as child tickets.
Isis and I have removed the least relevant ones.

Can someone check if you want #18098 and #25417?

I've unparent most of them. Even if in the end some turn out to be relevant to parent to this ticket, we should use a keyword instead of a ticket dependency which is mostly used for development workflow.

comment:6 Changed 18 months ago by dmr

Cc: dmr added
Keywords: tor-hs prop224-extra added

Tagging with the keywords that I hope are most appropriate. Please correct me if we should be using prop224-maybe instead of -extra!

comment:7 Changed 14 months ago by traumschule

prop224/hsv3 has been tested for 5 months now, that does not make it stable and there still are reliability issues, but I wonder if this is a good time to create an 'alpha' subpage for the
onion service guide to "officially" explain how to configure doc/NextGenOnions.

This wiki page is locked, maybe it's a good time as well to unlock it to let admins share their experiences and to collect knowledge from tickets gathered in the last months. For example I wanted to add that chmod 700 -R /var/lib/tor is a good idea. (There's quite a collection of sites showing many 'users'/admins ran into #19824, including myself several times :)

I realized it is hard to write about how to configure onion services without mentioning hidden services, at least in torrc itself. What about the option to configure hsv3 this way:

OnionDir /var/lib/tor/onion_service
OnionPort 80 127.0.0.1:80

This would make it easier to set them up, because it implies HiddenServiceVersion 3 and actually deprecate the term HiddenService.

comment:8 Changed 14 months ago by teor

What about the option to configure hsv3 this way:

Tor versions 0.3.2 and later support next-generation onion services using legacy HS torrc option names. So any documentation must use the legacy names, until all Tor versions support the new Onion option names.

See #17343 for a torrc ticket to make Onion an alias for HS in torrc options.
See #26168 for another ticket to make OnionDir a synonym for HSDir in relay flags.

comment:9 Changed 14 months ago by nickm

Milestone: Tor: unspecified

comment:10 in reply to:  7 Changed 14 months ago by asn

Replying to traumschule:

prop224/hsv3 has been tested for 5 months now, that does not make it stable and there still are reliability issues, but I wonder if this is a good time to create an 'alpha' subpage for the
onion service guide to "officially" explain how to configure doc/NextGenOnions.

This wiki page is locked, maybe it's a good time as well to unlock it to let admins share their experiences and to collect knowledge from tickets gathered in the last months. For example I wanted to add that chmod 700 -R /var/lib/tor is a good idea. (There's quite a collection of sites showing many 'users'/admins ran into #19824, including myself several times :)

This was handled as part of #24880. Now the wiki page links to the official instruction page.

Note: See TracTickets for help on using tickets.