
Re: IPv6 Exit [was: Status of Tor proposals ...]



On Wed, Apr 09, 2008 at 09:54:39PM -0700, coderman wrote:
> On Wed, Apr 9, 2008 at 9:36 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> > ...
> >    117  IPv6 exits
> >
> >         This is a good start but could use some revision.  See earlier
> >         thread.  I want to merge in IPv6 support in 0.2.1.x, including
> >         support for both entries and exits, so a revision of this
> >         proposal is important.  Marking as NEEDS-REVISION.
> 
> 
> i'm probably just overlooking an obvious discussion, but i don't see a
> thread related to IPv6 entry support and/or the previous thread
> referenced here.

Ah, I should have been more explicit here.  I don't recall much
previous discussion on IPv6 entries.  Previous good ipv6 exit proposal
discussion was in July and December:
   http://archives.seul.org/or/dev/Jul-2007/threads.html
     (See "IPv6 exit proposal" thread)
   http://archives.seul.org/or/dev/Dec-2007/threads.html
     (See "Tor Ipv6-Patch" thread)

What I mean by entries is that, if servers with IPv6 addresses
advertise those addresses in addition to their IPv4 addresses, we can
support IPv6-only clients.  I hear such things starting to exist in
some obscure-but-important places.

> does the "entry" support imply full IPv6 support?  (or is "entry"
> simply the requisite client support for utilizing IPv6 exit
> capability?)

Full IPv6 support isn't on my personal radar for 0.2.1.x.  Making
server-to-server connections use IPv6 is problematic, because if there
are some Tor nodes without IPv4 addresses, then only nodes with IPv6
addresses can contact them.  But this changes our network topology in
ways that could compromise anonymity and that need to be analyzed.

> > Other problems are:
> >    - The process doesn't seem to look far enough future.  We seem
> >     to be planning for the next release, but not for the next two or
> >     three years.
> 
> the UDP/DTLS re-architecture could fit the 3 year time frame ... :P
> 
> (a half joke; this is incredibly complicated, and the easy approaches
> like TCP over UDP will suck in addition to compromising anonymity...
> of course, the challenge is half the fun, right?)

Right.  Personally, I'd like to target this for some time in 2009 or
2010.  It's big enough that if we don't get a good start designing it,
it won't go anywhere, though.  I'm glad to see that people are
starting to try things out here in the research field; it's an
ambitious project, but the good ones usually are.

(The above paragraph contains idle musings, and is not to be taken as
committing to a roadmap for 2008-2010.)

not-fully-able-to-believe-it'll-be-2010-so-soon-ly yours,
-- 
Nick