[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Not enabling IPv6 on check.torproject.org?



> On 18 Aug 2016, at 23:06, Iain R. Learmonth <irl@xxxxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> On Thu, Aug 18, 2016 at 11:13:08AM +0000, isis agora lovecruft wrote:
>> - Patching Check [1] to use server descriptors (rather than networkstatus
>>   documents) and to additionally (in the Stem script) pull IPv6 addresses
>>   from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.
> 
> With IPv6 this can be more complicated, as relays may be using "Privacy
> Extensions for Stateless Address Autoconfiguration in IPv6" (RFC4941) which
> means that these IP addresses may change often.
> 
> We should probably give some advice to relay operators to ask them to
> disable privacy extensions?

Relays which change IPv6 addresses can be a good thing, because it allows clients to avoid Exit IPv6 blocks.
But it also makes check.torproject.org unreliable.

Rather than removing a useful block-evasion feature, maybe we could redesign check.torproject.org to check a few different exit addresses?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev