
Re: IPv6 exit proposal



On Sat, Jul 07, 2007 at 10:54:50AM -0700, coderman wrote:
> apologies for formatting; available at
> http://peertech.org/pub/tor-ipv6-exit-proposal.txt if this is
> unreadable.
> 
> ---
> 
> Proposal : IPv6 exit

Added as proposal 117, and re-wrapped to fit in 80 columns; thanks!


 [...]

>   It should be noted that IPv4 mapped IPv6 addresses are not valid
>   exit destinations.  This mechanism is mainly used to interoperate
>   with both IPv4 and IPv6 clients on the same socket.  Any attempts
>   to use an IPv4 mapped IPv6 address, perhaps to circumvent exit
>   policy for IPv4, must be refused.

Alternatively, we could just apply IPv4 exit policies to IPv4-mapped
IPv6 addresses.  Would that be cleaner?
 [...]
> 1.3. DNS name resolution of IPv6 addresses (AAAA records)
 [...]
>   All routers which perform DNS resolution on behalf of clients
>   (RELAY_RESOLVE) should perform and respond with both A and AAAA
>   resources.

Hm.  We need some way to do this inside the current relay_resolve
format without confusing existing clients.

 [...]
> 3. Questions and concerns
> 
> 3.1. DNS A6 records
> 
>   A6 is explicitly avoided in this document.  There are potential
>   reasons for implementing this, however, the inherent complexity of
>   the protocol and resolvers makes this unappealing.  Is there a
>   compelling reason to consider A6 as part of IPv6 exit support?

I'm okay doing nothing with A6 for now.

 [...]
> 3.3. Support for IPv6 only clients
> 
>   It may be useful to support IPv6 only clients using IPv4 mapped IPv6
>   addresses.  This would require transparent DNS proxy using IPv6
>   transport and the ability to map A record responses into IPv4 mapped
>   IPv6 addresses.  The transparent TCP proxy would thus need to detect these
>   mapped addresses and connect to the desired IPv4 host.
> 
>   The relative lack of any IPv6 only hosts or applications makes
>   this a lot of work for very little gain.  Is there a compelling
>   reason to support this capability?

I'd like to add support for IPv6-only clients, but I think that's a
separate proposal.


yrs,
-- 
Nick Mathewson
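
The two ways of handling IPv4-mapped IPv6 exit destinations discussed in this message (refuse them outright, or apply the IPv4 exit policy to the embedded address), next to a check that selects rules by address family alone. This is an added example, not code from the proposal or from Tor; the policy entries and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed first-match-wins policies in the spirit of accept/reject
# exit policy lines; the entries are sample values, not from the proposal.
IPV4_POLICY = [
    ("reject", ipaddress.ip_network("10.0.0.0/8")),
    ("reject", ipaddress.ip_network("192.168.0.0/16")),
    ("accept", ipaddress.ip_network("0.0.0.0/0")),
]
IPV6_POLICY = [
    ("reject", ipaddress.ip_network("fc00::/7")),
    ("accept", ipaddress.ip_network("::/0")),
]

def _first_match(addr, policy):
    for action, net in policy:
        if addr in net:
            return action
    return "reject"  # default-deny when no rule matches

def naive_decision(dest):
    """Flawed: picks the rule list by address family only, so
    ::ffff:a.b.c.d is judged by the IPv6 rules, never the IPv4 ones."""
    addr = ipaddress.ip_address(dest)
    return _first_match(addr, IPV4_POLICY if addr.version == 4 else IPV6_POLICY)

def exit_decision(dest, mapped="refuse"):
    """mapped="refuse": mapped addresses are never valid exit destinations.
    mapped="ipv4-policy": unwrap the address and apply the IPv4 policy."""
    addr = ipaddress.ip_address(dest)
    if addr.version == 4:
        return _first_match(addr, IPV4_POLICY)
    v4 = addr.ipv4_mapped  # None unless the address is in ::ffff:0:0/96
    if v4 is None:
        return _first_match(addr, IPV6_POLICY)
    if mapped == "refuse":
        return "reject"
    return _first_match(v4, IPV4_POLICY)
```

Either mode closes the gap; the difference is only whether a mapped address that the IPv4 policy would accept is still reachable.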
