[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Not enabling IPv6 on check.torproject.org?

Frederic Jacobs transcribed 3.9K bytes:
> Hello Tor-Dev,
> 
> When opening Tor browser today, I opened check.torproject.org
> <http://check.torproject.org/> and got a really confusing message
> <https://www.fredericjacobs.com/blog/img/tor/ipv6TorCheck.png>.
>
> My assumption is that the circuit had an exit node that had (possibly
> multiple) IPv6-enabled, in addition to it’s IPv4. When the exit node
> connected to the exit node, it did so over IPv6 since check.torproject.org
> <http://check.torproject.org/> has IPv6 addresses.
>
> ~ ❯❯❯ host check.torproject.org
> check.torproject.org is an alias for chiwui.torproject.org.
> chiwui.torproject.org has address 138.201.14.212
> chiwui.torproject.org has IPv6 address 2a01:4f8:172:1b46::abba:20:1
> 
> That’s a scary warning to get in Tor browser. Any reason
> chiwui.torproject.org <http://chiwui.torproject.org/> has an IPv6 address?
> Can it be disabled to avoid having people (unnecessarily) freaking out over
> this warning?
>
> Thoughts?
> 
> Best,
> 
> Frederic 

Hello Frederic,

That's indeed a scary warning.  Removing the AAAA record for check.tpo is
probably the sanest short-term solution.

Long term solutions include:

 - Patching TorDNSEL [0] to add support for IPv6 addresses.  This probably
   requires somewhat of a complete overhaul of TorDNSEL, because:
     1) most of us don't speak Haskell
     2) it's ancient Haskell
     3) the DNSBL was designed to handle queries like
        1.0.0.10.80.4.3.2.1.ip-port.exitlist.example.com.

 - Patching Check [1] to use server descriptors (rather than networkstatus
   documents) and to additionally (in the Stem script) pull IPv6 addresses
   from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.

Both of those codebases need someone to love them, and contributions from
volunteers feeling so inspired are highly welcome.  A ticket for this is
#19843, [2] although another ticket could be made since that one seems to be
reporting multiple issues (and some of which are not bugs).

Thanks for pointing this out!

[0]: https://gitweb.torproject.org/tordnsel.git/
[1]: https://gitweb.torproject.org/check.git/
[2]: https://trac.torproject.org/projects/tor/ticket/19843

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev