[tor-relays] About relay size
Scott Bennett
bennett at sdf.org
Tue Oct 3 12:52:10 UTC 2017

teor <teor2345 at gmail.com> wrote:
>
> On 3 Oct 2017, at 03:07, Scott Bennett <bennett at sdf.org> wrote:
>
> >>> In the meantime, I think it would be great to have IPv6-only relays, to
> >>> avoid this kind of NAT-related issues.
> >>
> >> We'd love to make this happen, but the anonymity implications
> >> of mixed IPv4-only and IPv6-only (non-clique) networks need
> >> further research. Search the list archives for details.
> >>
> > Couldn't that be taken care of in the tor client code? For example, a
> > client, having chosen a path through which an IPv6-only relay, could extend
> > the path by one hop to tunnel through a node with both types of interface
> > published?
>
> Yes, clients choose paths, and could choose them using these kinds of
> restrictions. But current tor relay versions won't extend to other relays
> over IPv6. Because we don't understand the anonymity implications of
> restricting the next relay in the path based on the previous relay. Which
> is why we need further research.

Here's a procedure: if the next hop/destination does not use a protocol
in common with the client/current hop, a dual-protocoled node must be
interposed; else use the originally selected hop/destination directly.

The client-to-first-hop situation is analogous to using a set of entry guards
today, so that much should be okay. What do IPv6-only clients currently do?

Allowing IPv6 destinations today limits exit-hop selections to
dual-protocol-capable exit nodes, which is like using an "ExitNodesIPv6" (if there
were such a thing) line in torrc with a long and growing list of nodes. How
long would that list have to be for the warning on the man page under the
ExitNodes statement definition to become unimportant? How many were there
when IPv6 destinations were first allowed?

For interposing dual-protocoled nodes along the way, how many do there
have to be for it to become "not too limiting"?

>
> > A related question is can a relay with only an IPv4 address
> > published currently set an IPv6 OutboundBindAddress?
>
> Yes. This is useful for IPv6 exits without a fixed IPv6 ORPort address.
>
That's okay, but what if the node is an entry-and-middle node only?

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *xor* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
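
The interposition procedure proposed in the message above, sketched as an added example; it is not part of the original post and is not tor's path-selection code. The relay names, their address families, and the function names are constructed for illustration, and the originally selected hops are taken as input.

```python
import random

# Constructed sample relays: name -> address families of its published ORPorts.
RELAYS = {
    "A": {"ipv4"}, "B": {"ipv4"}, "C": {"ipv6"}, "D": {"ipv6"},
    "E": {"ipv4", "ipv6"}, "F": {"ipv4", "ipv6"},
}
DUAL = {"ipv4", "ipv6"}

def bridge_candidates(relays, excluded):
    """Dual-protocol relays that are not already on (or chosen for) the path."""
    return sorted(n for n, fam in relays.items() if fam == DUAL and n not in excluded)

def dual_fraction(relays):
    """Share of relays that can serve as an interposed hop."""
    return sum(fam == DUAL for fam in relays.values()) / len(relays)

def build_path(client_families, hops, relays=RELAYS, rng=random):
    """Walk the originally selected hops; interpose where no protocol is shared.

    Returns (path, inserted). Raises ValueError when no dual-protocol relay
    is left to interpose.
    """
    path, inserted = [], []
    prev = set(client_families)
    for hop in hops:
        if not prev & relays[hop]:          # no protocol in common
            pool = bridge_candidates(relays, set(path) | set(hops))
            if not pool:
                raise ValueError(f"no dual-protocol relay left before {hop}")
            bridge = rng.choice(pool)
            path.append(bridge)
            inserted.append(bridge)
        path.append(hop)                    # else: use the selected hop directly
        prev = relays[hop]
    return path, inserted

if __name__ == "__main__":
    print(build_path({"ipv4"}, ["A", "C", "B"]))
    print(f"interposable share of relays: {dual_fraction(RELAYS):.2f}")
```

Every interposed hop is drawn only from the dual-protocol pool, so `dual_fraction` is the quantity the "not too limiting" question is about.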