Re: [tor-bugs] #33241 [Core Tor/Tor]: Prop 312: 3.2.5. Use Directory Header IPv6 Addresses
#33241: Prop 312: 3.2.5. Use Directory Header IPv6 Addresses
---------------------------+------------------------------------
Reporter: teor | Owner: teor
Type: task | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: prop312, ipv6 | Actual Points:
Parent ID: #33049 | Points: 4
Reviewer: | Sponsor: Sponsor55-must
---------------------------+------------------------------------
Comment (by teor):
Here is my opinion on this feature:
This feature is complicated. It requires relays to regularly do
directory fetches over IPv6. These directory connections should be
over an ORPort, so that the addresses are authenticated.
As an alternative, we can use IPv6 addresses from NETINFO cells. But
relays still need to make regular IPv6 ORPort connections:
https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6-addr.txt#n796
In both cases, the addresses should only come from outbound
connections. And we may only want to trust addresses from directory
authorities.
We can't make this change on bridges, because they have to imitate
clients. And clients don't try IPv4 and IPv6 connections yet. (See
proposal 306.)
This feature is also high-risk. If we make a mistake, we give network
adversaries the ability to set our IPv6 address. (But note that we
already accept this risk for IPv4.)
Overall, I think we should make this feature optional.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33241#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online