[tor-dev] Proposal Idea: IPv6-Only Exit Relays
teor
teor at riseup.net
Fri May 1 06:08:55 UTC 2020
Hi all,
The network team is making it easier to set up a dual-stack Tor relay.
We're currently working on:
* IPv6 reachability self-tests
* IPv6 address auto-detection
* IPv6 relay statistics
We're also thinking about the next IPv6 project. One possibility is
adding IPv6-only exits to the Tor network.
We'd need to solve two technical problems:
1. stop requiring IPv4 in the consensus and circuit code
2. avoiding delays when using an IPv6-only exit for an IPv4-only site
And one deployment problem:
3. Get more dual-stack middle relays (50% - 75%)
Here's a quick sketch of a solution to the IPv4-only site issue:
Clients open two exit streams for every site. One of those streams
must use an exit with IPv4 support. The client uses whichever
stream succeeds first.
Just like the "happy eyeballs" protocol, there is a delay between
launching the two streams:
https://www.rfc-editor.org/rfc/rfc8305.txt
Here are some benefits of a universal change:
* code and protocol consistency
* makes traffic analysis harder
* also helps with other exit failures, for a better user experience
Here are some drawbacks:
* extra load
We can change the delay to manage the tradeoff between load,
user experience, and traffic analysis resistance. Making the delay
longer reduces the load, but makes the user experience worse.
Traffic analysis resistance is a bit more complex. Consistency
across different clients is important, but we also don't want to
create obvious traffic patterns. So there are also some benefits
to randomisation.
If I get time, I'd like to turn these ideas into a proposal.
T
--
teor
----------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20200501/e9689df7/attachment.html>
More information about the tor-dev
mailing list