[tor-relays] Improving Relay IPv6 - RIPE Grant

teor teor at riseup.net
Wed Mar 18 15:03:59 UTC 2020


Hi,

Sorry I missed these emails. I was on leave around Christmas, and then I
was focused on the Relay IPv6 grant when I got back.

> On 22 Dec 2019, at 06:28, ILikeTor <iliketor at cock.li> wrote:
> 
> I was wondering how you will implement IPv6-only relays.

IPv6-only relays are out of scope for this sponsor.

We can't add IPv6-only relays, until we have more dual-stack relays.
(Or until researchers tell us how to get good user anonymity in
non-clique networks.)

So this sponsor is focused on adding more dual-stack relays.

> What limits
> will you set on how many relays can be per /(something)? Will you allow
> only two relays per /64, for example? Do you have any plans for that
> already?

We have a draft proposal:
  * AuthDirMaxServersPerIPv6Site counts relays in a /64
  * We will analyse the current number of relays in each /64 on the tor
    network, to choose a default value
  * We expect the default to be between 4 and 50

https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6-addr.txt#n1125

This is an optional change, so we might not do it as part of this
sponsored work. (The sponsored work goes for the next 6 months.)

> On 22 Dec 2019, at 07:26, NOC <tor at afo-tm.org> wrote:
> 
> On 21.12.2019 21:28, ILikeTor wrote:
>> [..]
>> only two relays per /64, for example? Do you have any plans for that
>> already?[..]
> That is already a bad practice for IPv4 and is impossible to do for IPv6. There are server providers which give you a single IPv6 address (/128) and there are some which give you /48. And because some give Additional IP space like candy this limit is dead with IPv6. And I would be very happy to have this restriction to be removed for IPv4 too because it makes no sense till there is proper multi threading, it sucks to waste IP space just because of this nonsense.

I would like better multithreading in Tor. We have designs, but we
need more funding (or volunteers) to do projects like this.

One of the tricky parts of multithreading is making all of tor's
code more independent. That's hard work!

I would also like to have a better way to resist sybil attacks than
using IP addresses. We need help from researchers to come up with
better designs.

You can ask the new network health team if you'd like to know more about
on resisting bad relays on the network:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkHealthTeam

We also might need a design where new relays go in a separate document,
until they have been checked for bandwidth (and any other automatic
checks we can do).

T




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200319/c7690b33/attachment.sig>


More information about the tor-relays mailing list