[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Sat, 10 Dec 2011 15:07:34 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 10 Dec 2011 10:07:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=yZfd7OWfXLS03odgGtjZe7QjvDAbWDEWV8oAbr5gb/0=; b=pjsmY2gHf/1AaaixI9AALPS0UUgDWLJH3Od1nQX1yZX8WF9aWErXyc/mlC/MsbwyW/ sNb9BPyXfUh6RCqD5hSY6amwpP1P6axXP6dUkz8+2yC6kKz71Q1Q47nmo2g6graNIGd0 WW4lxcbXm8YFvIWb+wt1Wzw/seKT1npa3+Mss=
In-reply-to: <CAJLvQyH1g26XSc2aZEmRq0t6OBu1acd9vj-YqxmvaUU9vtYGEg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAJLvQyH1g26XSc2aZEmRq0t6OBu1acd9vj-YqxmvaUU9vtYGEg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On 2011-12-06, Aaron <aagbsn@xxxxxxxx> wrote:

>         How does IPv6 affect address datamining of https distribution?
>           A user may be allocated a /128, or a /64.
>           An adversary may control a /32 or perhaps larger
>           Proposal: Enable reCAPTCHA support by default.

How much would it cost China to have 1000 (or even 10000) CAPTCHAs
solved?  How much of our bridge pool would such an attack obtain?

>         How do IPv6 addresses work with the IPBasedDistributor?
>         #XXX: I need feedback on this
>         # do we use all 128 bits here?
>         # upper N bits? lower N bits? random or specific N bits?

I doubt that a single prefix length would be appropriate for all
networks.  There is no point in using a fixed bitmask other than a
prefix; even if we do not publish the mask, an attacker can easily
determine which bits within the suffix that it controls are used to
select a portion of the bridge pool.  A more complex mapping of IP
addresses to bridge pool locations might work.

Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support
  - From: Ralf-Philipp Weinmann

References:
- [tor-dev] Draft Proposal for BridgeDB IPv6 Support
  - From: Aaron

Prev by Author: [tor-dev] routers as bridges
Next by Author: Re: [tor-dev] Browser-based proxies for circumvention
Previous by thread: Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support
Next by thread: Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support
Index(es):
- Author
- Thread