[tor-bugs] #4806 [Core Tor/Tor]: Detect and warn when running IPv6-using client without IPv6 address privacy

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 3 00:27:50 UTC 2020


#4806: Detect and warn when running IPv6-using client without IPv6 address privacy
-----------------------------------------------------------+----------------------------------
 Reporter:  nickm                                          |          Owner:  (none)
     Type:  enhancement                                    |         Status:  needs_revision
 Priority:  High                                           |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                                   |        Version:
 Severity:  Normal                                         |     Resolution:
 Keywords:  ipv6, tor-client, nickm-patch, intro, privacy  |  Actual Points:
Parent ID:  #5940                                          |         Points:  medium
 Reviewer:                                                 |        Sponsor:
-----------------------------------------------------------+----------------------------------

Comment (by teor):

 Replying to [comment:41 cypherpunks]:
 > Replying to [comment:39 teor]:
 > > We might end up using parts of this patch to *avoid* IPv6 address
 > > privacy on relays.
 > but might it benefit exit relays exiting traffic? could
 > result in less punishment, less captchas for tor users.

 It might, but any sensible IPv6 address blocking service should be
 blocking at /56 or /64 (the host or local network block size), not /128
 (the individual device address). So it's unlikely to work for very long.

 Exit operators will get a rotating IPv6 address by default, if tor exits
 using the default route, and the default route uses IPv6 address privacy.
 (There's nothing we need to do in tor to enable this use case.)

 >  expect the IPv6 orport

 You're right, IPv6 address privacy is unhelpful for ORPorts, because they
 need to stay the same for at least 5 hours after they are published in the
 relay's descriptor. (After the descriptor is posted, it takes up to 1 hour
 for the authority reachability check, up to 1 hour for the consensus to be
 made, and up to 3 hours for all clients to get the consensus.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4806#comment:42>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
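
The prefix-granularity point in the comment above, as an added example that is not part of the ticket or of tor's code: it builds a blocklist from addresses already seen and checks whether a freshly rotated privacy address is still covered at /128, /64 and /56. The addresses are constructed samples in the 2001:db8::/32 documentation prefix, and all function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one host rotating its temporary (privacy) address
# inside a single /64, followed by an unrelated host on another network.
OBSERVED = [
    "2001:db8:12:3400:a1b2:c3d4:e5f6:1",
    "2001:db8:12:3400:9f8e:7d6c:5b4a:2",
    "2001:db8:12:3400:1122:3344:5566:3",
    "2001:db8:ff:100:dead:beef:0:1",
]


def covering_prefix(addr, prefix_len):
    """Return the network of length prefix_len that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def group_by_prefix(addrs, prefix_len):
    """Map each covering network to the observed addresses inside it."""
    groups = defaultdict(list)
    for addr in addrs:
        groups[covering_prefix(addr, prefix_len)].append(addr)
    return dict(groups)


def build_blocklist(addrs, prefix_len):
    """A blocklist is the set of covering networks of the addresses seen."""
    return set(group_by_prefix(addrs, prefix_len))


def is_blocked(addr, blocklist):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)


def rotation_coverage():
    """Block the first two addresses, then test the third (rotated) one."""
    seen, rotated = OBSERVED[:2], OBSERVED[2]
    return {plen: is_blocked(rotated, build_blocklist(seen, plen))
            for plen in (128, 64, 56)}


if __name__ == "__main__":
    for plen, hit in rotation_coverage().items():
        print(f"/{plen}: rotated address blocked = {hit}")
    print("distinct /64 networks observed:", len(group_by_prefix(OBSERVED, 64)))
```

A /128 list misses the rotated address, while the /64 and /56 lists still match it and leave the unrelated host untouched.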

