Merge remote-tracking branch 'asn/bug23531'

2017-09-15 08:16:20 -04:00 · 2017-09-15 08:16:20 -04:00 · c4c4d03412
parent 123337bbc9 88c58078fa
commit c4c4d03412
1 changed files with 36 additions and 0 deletions
--- a/changes/prop224
+++ b/changes/prop224
@ -0,0 +1,36 @@
+  o Major features (next-generation onion services):
+    - Tor now supports the next-generation onion services protocol for clients
+      and services! As part of this release, the core of proposal 224 has been
+      implemented and is available for experimentation and testing by our
+      users. This newer version of onion services (v3) features various
+      improvements over the legacy system:
+        a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
+        b) Improved directory protocol leaking less to directory servers.
+        c) Improved directory protocol with smaller surface for targeted attacks.
+        d) Better onion address security against impersonation.
+        e) More extensible introduction/rendezvous protocol.
+        f) A cleaner and more modular codebase.
+
+      Furthermore, as part of this update, onion addresses increase in length
+      and are now 56 characters long:
+         4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion
+
+      In the future, we will be releasing more options and features but we
+      first need a testing period, so that the current codebase matures and
+      becomes more robust. Here are some of the features we have planned:
+        1) Offline keys for onion services
+        2) Advanced client authorization for onion services
+        3) Improved guard algorithm for onion services
+        4) Next-gen onion service statistics
+
+      Please see our proposal for more details:
+        https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
+
+      The default version for onion services remains v2 (the legacy system)
+      until this new codebase gets tested and hardened.
+
+      Service operators who want to experiment with the new system can use the
+      'HiddenServiceVersion 3' torrc directive along with the regular onion
+      service configuration options.
+
+      We will publish a blog post about this new feature soon! Enjoy!