[tor-bugs] #32637 [Core Tor/Tor]: SocksPort IPv6 flags differs in default config and in Torlauncher prefs, and exits can distinguish them
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 1 07:41:27 UTC 2019
#32637: SocksPort IPv6 flags differs in default config and in Torlauncher prefs,
and exits can distinguish them
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 043-should, ipv6, security-low, no-backport | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords: => 043-should, ipv6, security-low, no-backport
* points: => 1
Comment:

This is a low-severity security issue, because it involves one bit of
information leakage from clients to exits, and the anonymity sets are
still quite large. (Particularly because every client creates preemptive
circuits, and many send traffic over those circuits.)

We should set PreferIPv6 by default in our first 0.4.3 alpha, and expect a
small amount of breakage:
* A few tools may use dual-stack DNS, but expect IPv4-only connections. Or
  the IPv6 might be broken at the remote end.
* IPv6 exits are still rarer than IPv4 exits
* Tor's retry logic may be able to do better with IPv6-only sites, but
  that risks leaking information about previous exits' responses to the
  client

We should not backport:
* Some long-standing IPv6 bugs are only fixed in 0.4.3

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32637#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online