Re: [tor-talk] New release candidate: Tor 0.4.5.4-rc
On Fri, 22 Jan 2021 12:02:50 -0500
Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
> o Major bugfixes (authority, IPv6):
> - Do not consider multiple relays in the same IPv6 /64 network to be
> sybils. Fixes bug 40243; bugfix on 0.4.5.1-alpha.
Each /64 should be treated as equivalent to 1 address in the IPv4 world, so
it seems to me that the original code was correct.

Any home user gets at least one /64 from their ISP [1]. It is not the minimum
routable block on the internet (as per the bug report [2]), the minimum is
actually a /48. But it is the minimum block that is usable on a LAN with SLAAC
auto-configuration, and as such is the minimum block any ISP will provide to a
home broadband subscriber.

Some server hosts do put multiple distinct users within the same /64 -- but
they are wrong in doing that, there should be no pampering to that practice.

I suggest carefully reconsidering whether giving a free pass to run any number
of relays from a single /64, which are in most cases controlled entirely by a
single user, and then relying on path selection to limit the damage, is not
weakening the security model too much just to accommodate a few bad
webhosts.
[1] https://www.ripe.net/publications/docs/ripe-690/
[2] https://gitlab.torproject.org/tpo/core/tor/-/issues/40243
--
With respect,
Roman
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
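
Added example, not part of the original message and not Tor's authority code: it counts a constructed relay list once per full IPv6 address and once per /64, the two aggregation policies the message contrasts. The relay names, addresses (documentation ranges) and the limit of 2 per group are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (nickname, OR address). 2001:db8::/32 and 192.0.2.0/24
# are documentation ranges, not real relays.
RELAYS = [
    ("relayA", "2001:db8:1:1::10"),
    ("relayB", "2001:db8:1:1::11"),
    ("relayC", "2001:db8:1:1:aaaa:bbbb:cccc:dddd"),  # SLAAC-style host part
    ("relayD", "2001:db8:1:2::10"),                  # a different /64
    ("relayE", "192.0.2.7"),
    ("relayF", "192.0.2.7"),
    ("relayG", "192.0.2.8"),
]


def group_key(addr, v6_prefix):
    """Return the network under which a relay address is counted."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # count ::ffff:a.b.c.d as its IPv4 address
    prefix = 32 if ip.version == 4 else v6_prefix
    # strict=False masks the host bits instead of rejecting them
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def over_limit(relays, v6_prefix, max_per_group):
    """Map each group holding more than max_per_group relays to its nicknames."""
    groups = defaultdict(list)
    for nick, addr in relays:
        groups[group_key(addr, v6_prefix)].append(nick)
    return {
        str(net): sorted(nicks)
        for net, nicks in groups.items()
        if len(nicks) > max_per_group
    }


if __name__ == "__main__":
    # Hypothetical limit of 2 relays per group, chosen for this sample.
    print("per /128:", over_limit(RELAYS, 128, 2))
    print("per /64: ", over_limit(RELAYS, 64, 2))
```

With per-address counting none of the IPv6 relays share a group, while per-/64 counting places relayA, relayB and relayC in one group that exceeds the limit.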