[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] About relay size
Scott Bennett <bennett@xxxxxxx> wrote:
> teor <teor2345@xxxxxxxxx> wrote:
>
> >
> > On 3 Oct 2017, at 03:07, Scott Bennett <bennett@xxxxxxx> wrote:
> >
> > >>> In the meantime, I think it would be great to have IPv6-only relays, to
> > >>> avoid this kind of NAT-related issues.
> > >>
> > >> We'd love to make this happen, but the anonymity implications
> > >> of mixed IPv4-only and IPv6-only (non-clique) networks need
> > >> further research. Search the list archives for details.
> > >>
> > > Couldn't that be taken care of in the tor client code? For example, a
> > > client, having chosen a path through which an IPv6-only relay, could extend
> > > the path by one hop to tunnel through a node with both types of interface
> > > published?
> >
> > Yes, clients choose paths, and could choose them using these kinds of
> > restrictions. But current tor relay versions won't extend to other relays
> > over IPv6. Because we don't understand the anonymity implications of
> > restricting the next relay in the path based on the previous relay. Which
> > is why we need further research.
>
> Here's a procedure: if the next hop/destination does not use a protocol
> in common with the client/current hop, a dual-protocoled node must be
> interposed; else use the originally selected hop/destination directly.
> The client-to-first-hop situation is analogous to using a set of entry guards
> today, so that much should be okay. What do IPv6-only clients currently do?
> Allowing IPv6 destinations today limits exit-hop selections to dual-
> protocol-capable exit nodes, which is like using an "ExitNodesIPv6" (if there
> were such a thing) line in torrc with a long and growing list of nodes. How
> long would that list have to be for the warning on the man page under the
> ExitNodes statement definition to become unimportant? How many were there
> when IPv6 destinations were first allowed?
> For interposing dual-protocoled nodes along the way, how many do there
> have to be for it to become "not too limiting"?
> >
> > > A related question is can a relay with only an IPv4 address
> > > published currently set an IPv6 OutboundBindAddress?
> >
> > Yes. This is useful for IPv6 exits without a fixed IPv6 ORPort address.
> >
> That's okay, but what if the node is an entry-and-middle node only?
>
Hmm. On second thought, it's *not* okay because it means that such a
node cannot be a middle node because it could only connect to the IPv6
universe. Or the man page is wrong about OutboundBindAddress. Or there
is something else amiss.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *xor* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays