On Thu, 23 Jul 2015 12:50:29 -0700
David Stainton <dstainton415@xxxxxxxxx> wrote:

> >> But we have a gigantic userbase, and playing "consumer router
> >> support technician" for all of the ones that ship with broken
> >> uPnP/NAT-PMP implementations does not fill me with warm fuzzy
> >> feelings.
> >
> > I think this is a weird analysis. How many of those people even try
> > to be a relay or a bridge? Do we have numbers on that? Does the
> > support team object or are you objecting on their behalf? It just
> > seems too hand wavy for too many years to punt on dealing with NAT
> > properly.
>
> If I understand things correctly the uPnP/NAT-PMP is in fact not the
> proper way to solve this problem because of the reasons Yawning
> mentioned. IPFS (interplanetary filesystem) currently solves this
> problem via some complicated protocol with the selection of a
> rendezvous server... similar to Tor hidden services. Clearly this is
> the correct way to solve the NAT problem. Am I wrong about this?

NAT-PMP (aka PCP) is less awful than uPnP is, may actually be ok (as
long as you don't try to remove port mappings due to a bug in older
miniupnpd), but is primarily an Apple-ism limiting its usefulness.

OTOH, the far more widely supported/deployed uPnP, on consumer routers
at least, should be disabled and treated with extreme suspicion till
proven otherwise.

Regards,

-- 
Yawning Angel
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev