[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torspec/master] Prop 312: Explain public IPv6 addresses



commit 8a9ea6f2245ce3c60938bdb74a1a862b3d403fb4
Author: teor <teor@xxxxxxxxxxxxxx>
Date:   Tue Feb 4 11:35:58 2020 +1000

    Prop 312: Explain public IPv6 addresses
    
    Since relays put the discovered IPv6 address in their descriptor,
    it needs to be publicly routable. (If the relay is on the public
    network.)
    
    As suggested by Nick Mathewson.
    
    Also fix inconsistent use of directory authority, directory server,
    and directory mirror.
    
    Part of 33073.
---
 proposals/312-relay-auto-ipv6-addr.txt | 40 ++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/proposals/312-relay-auto-ipv6-addr.txt b/proposals/312-relay-auto-ipv6-addr.txt
index da75812..05ff9de 100644
--- a/proposals/312-relay-auto-ipv6-addr.txt
+++ b/proposals/312-relay-auto-ipv6-addr.txt
@@ -8,10 +8,17 @@ Ticket: #33073
 0. Abstract
 
    We propose that Tor relays (and bridges) should automatically find their
-   IPv6 address, and use it to publish an IPv6 ORPort. For some relays to find
-   their IPv6 address, they may need to fetch some directory documents from
-   directory authorities over IPv6. (For anonymity reasons, bridges are unable
-   to fetch directory documents over IPv6, until clients start to do so.)
+   IPv6 address.
+
+   Like tor's existing IPv4 address auto-detection, the chosen IPv6 address
+   will be published as an IPv6 ORPort in the relay's descriptor. Clients,
+   relays, and authorities connect to relay descriptor IP addresses.
+   Therefore, IP addresses in descriptors need to be publicly routable. (If
+   the relay is running on the public tor network.)
+
+   To discover their IPv6 address, some relays may fetch directory documents
+   over IPv6. (For anonymity reasons, bridges are unable to fetch directory
+   documents over IPv6, until clients start to do so.)
 
 1. Introduction
 
@@ -66,13 +73,24 @@ Ticket: #33073
 
 3. Finding Relay IPv6 Addresses
 
-   We propose that tor relays (and bridges) automatically find their IPv6
-   address, and use it to publish an IPv6 ORPort.
+   We propose that Tor relays (and bridges) should automatically find their
+   IPv6 address.
+
+   Like tor's existing IPv4 address auto-detection, the chosen IPv6 address
+   will be published as an IPv6 ORPort in the relay's descriptor. Clients,
+   relays, and authorities connect to relay descriptor IP addresses.
+   Therefore, IP addresses in descriptors need to be publicly routable. (If
+   the relay is running on the public tor network.)
+
+   Relays should ignore any addresses that are reserved for private networks,
+   and check the reachability of addresses that appear to be public (see
+   [Proposal 311: Relay IPv6 Reachability]). Relays should only publish IP
+   addresses in their descriptor, if they are public and reachable. (If the
+   relay is not running on the public tor network, it may use any IP address.)
 
-   For some relays to find their IPv6 address, they may need to fetch some
-   directory documents from directory authorities over IPv6. (For anonymity
-   reasons, bridges are unable to fetch directory documents over IPv6, until
-   clients start to do so.)
+   To discover their IPv6 address, some relays may fetch directory documents
+   over IPv6. (For anonymity reasons, bridges are unable to fetch directory
+   documents over IPv6, until clients start to do so.)
 
 3.1. Current Relay IPv4 Address Implementation
 
@@ -315,7 +333,7 @@ Ticket: #33073
    section 3.4.1 and [Proposal 306: Client Auto IPv6 Connections].)
 
    We propose that directory authorities should ignore addresses in directory
-   headers. Allowing other authorities (or relays?) to change a directory
+   headers. Allowing other authorities (or relays) to change a directory
    authority's published IP address may lead to security issues. Instead,
    if interface and hostname lookups fail, tor should stop address resolution,
    and return a permanent error. (And issue a log to the operator, see below.)



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits