Opened 5 months ago

Last modified 3 months ago

#28675 new enhancement

Deprecate standard cookie authentication

Reported by: wagon
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: technical-debt, 040-deferred-201915
Cc: atagar
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

According to the Tor specs, cookie authentication is deprecated:

> the COOKIE authentication method has been deprecated and will be removed from a future version of Tor.

Now standard applications such as tor-browser and stem/Nyx use the safecookie mechanism. If somebody needs to authenticate with safecookie at the command line, it can be done too.

As an intermediate step before the complete removal of standard cookie authentication, I suggest adding a torrc option which disables it by default (e.g. DisableStandardCookieAuthentication 1). If some old application still needs it, this option can be changed to 0.

It was discussed here in relation to Nyx.
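To make the difference between the two methods concrete, here is an added example (not part of the ticket and not Tor's or stem's code) of the controller side of SAFECOOKIE next to the legacy COOKIE message. The HMAC key strings and the cookie | client nonce | server nonce layout are as I understand control-spec.txt and should be checked against the current spec; `fake_tor_reply` and all byte values are constructed so the block runs offline.

```python
import hashlib
import hmac
import os

# HMAC keys for the SAFECOOKIE method (assumed to match control-spec.txt).
SERVER_KEY = b"Tor safe cookie authentication server-to-controller hash"
CLIENT_KEY = b"Tor safe cookie authentication controller-to-server hash"

def mac(key, cookie, client_nonce, server_nonce):
    # HMAC-SHA256 over cookie | client nonce | server nonce
    return hmac.new(key, cookie + client_nonce + server_nonce, hashlib.sha256).digest()

def parse_authchallenge(reply):
    """Parse '250 AUTHCHALLENGE SERVERHASH=<hex> SERVERNONCE=<hex>'."""
    parts = reply.strip().split()
    if parts[:2] != ["250", "AUTHCHALLENGE"]:
        raise ValueError("unexpected reply: %r" % reply)
    fields = dict(p.split("=", 1) for p in parts[2:])
    return bytes.fromhex(fields["SERVERHASH"]), bytes.fromhex(fields["SERVERNONCE"])

def safecookie_authenticate(cookie, client_nonce, reply):
    """Return the AUTHENTICATE line; raise if the peer does not hold the cookie."""
    if len(cookie) != 32:
        raise ValueError("cookie file must be exactly 32 bytes")
    server_hash, server_nonce = parse_authchallenge(reply)
    expected = mac(SERVER_KEY, cookie, client_nonce, server_nonce)
    if not hmac.compare_digest(expected, server_hash):
        raise ValueError("server hash mismatch: peer does not hold the cookie")
    # Only a keyed hash is sent; the cookie bytes never leave the controller.
    return "AUTHENTICATE " + mac(CLIENT_KEY, cookie, client_nonce, server_nonce).hex().upper()

def legacy_cookie_authenticate(cookie):
    """Deprecated COOKIE method: the raw cookie goes on the wire, unverified peer."""
    return "AUTHENTICATE " + cookie.hex().upper()

def fake_tor_reply(cookie, client_nonce, server_nonce):
    """Constructed stand-in for Tor's answer to AUTHCHALLENGE (offline use only)."""
    server_hash = mac(SERVER_KEY, cookie, client_nonce, server_nonce)
    return "250 AUTHCHALLENGE SERVERHASH=%s SERVERNONCE=%s" % (
        server_hash.hex().upper(), server_nonce.hex().upper())

if __name__ == "__main__":
    cookie, cn, sn = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed
    print("AUTHCHALLENGE SAFECOOKIE " + cn.hex().upper())
    print(safecookie_authenticate(cookie, cn, fake_tor_reply(cookie, cn, sn)))
```

With SAFECOOKIE the controller refuses to answer a peer that cannot prove knowledge of the cookie, which is the check the legacy method lacks.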

Change History (16)

comment:1 Changed 5 months ago by wagon

Version: Tor: 0.3.4.9

comment:2 Changed 5 months ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 5 months ago by teor

Keywords: technical-debt added
Summary: Tor needs torrc option to disable standard cookie authentication → Deprecate standard cookie authentication
Version: Tor: 0.3.4.9

We usually don't have options to deprecate features. Instead, we warn that the feature will be removed, then we remove the feature, and tell people to use an older release.

comment:4 Changed 5 months ago by arma

For more context, it looks like that sentence went into control-spec in commit c402bdfe in Feb 2012.

It looks like SAFECOOKIE went in during 0.2.2.x and 0.2.3.x, which is a long time ago now.

Re timeframe, Nick said on #5185: "Removing it before 0.2.4.x-rc, yes"

I think removing it any time now is a fine plan.

comment:5 Changed 5 months ago by arma

Owner: arma deleted

comment:6 Changed 5 months ago by arma

Status: assigned → new

Please don't assign random tickets to me -- it will slow them down, not speed them up.

comment:7 Changed 5 months ago by wagon

Good. Thank you!

comment:8 in reply to:  4 ; Changed 5 months ago by teor

Replying to arma:

> For more context, it looks like that sentence went into control-spec in commit c402bdfe in Feb 2012.

> It looks like SAFECOOKIE went in during 0.2.2.x and 0.2.3.x, which is a long time ago now.

So all supported Tor versions support SAFECOOKIE. (As of December 2018, we support 0.2.9, and 0.3.3 and later.)

> Re timeframe, Nick said on #5185: "Removing it before 0.2.4.x-rc, yes"

> I think removing it any time now is a fine plan.

But we need to allow other apps time to transition.

I suggest that we warn in 0.3.5 (long-term support), and remove in 0.4.0.

comment:9 Changed 5 months ago by wagon

LGTM. After that, control-spec.txt should also be properly adjusted.

comment:10 in reply to:  8 ; Changed 5 months ago by arma

Replying to teor:

> But we need to allow other apps time to transition.

I wonder if there are any apps that still use the old approach.

> I suggest that we warn in 0.3.5 (long-term support), and remove in 0.4.0.

Sounds great.

comment:11 in reply to:  10 Changed 5 months ago by teor

Replying to arma:

> Replying to teor:

> > But we need to allow other apps time to transition.

> I wonder if there are any apps that still use the old approach.

A lot of blog posts suggest turning authentication off, rather than using cookie authentication.

Here are some recent exceptions (posts or implementations that use cookie authentication):
https://stem.torproject.org/_modules/stem/connection.html
https://airvpn.org/tor/

But they both provide other authentication methods.

Edit: clarify

Last edited 5 months ago by teor

comment:12 Changed 5 months ago by nickm

We should warn in 0.3.5, and remove only once we're sure nobody still requires the old authentication method.

comment:13 in reply to:  12 Changed 5 months ago by nickm

Replying to nickm:

> We should warn in 0.3.5, and remove only once we're sure nobody still requires the old authentication method.

Or at least, we should know what we are breaking before we remove the old method. :)

comment:14 in reply to:  12 Changed 4 months ago by wagon

Replying to nickm:

> We should warn in 0.3.5

I think you have to set a proper milestone for this ticket.

comment:15 Changed 4 months ago by nickm

Milestone: Tor: unspecified → Tor: 0.4.0.x-final

Marking for 0.4.0, but not 0.3.5: it's too late to deprecate in 0.3.5.

comment:16 Changed 3 months ago by nickm

Keywords: 040-deferred-201915 added
Milestone: Tor: 0.4.0.x-final → Tor: unspecified

Deferring some tickets from 0.4.0 without proposing them for later. Please tag with 041-proposed if you want to do them.