On 26 Oct 2017, at 10:39, Mirimir <mirimir@riseup.net> wrote:
On 10/25/2017 12:31 PM, teor wrote:
On 26 Oct 2017, at 10:23, Mirimir <mirimir@riseup.net> wrote:
On 10/25/2017 11:31 AM, Paul Templeton wrote:
How long is your relay blackholed for?
Usually 12Hrs - I'll look at a second IP to see if it helps a bit.
Having the ability to rotate address would be good... :)
Paul
I wonder how quickly the subnet would get black-holed.
I've thought of doing that with IPv6. With a /64, the relay could use a new OutboundBindAddress for each circuit.
Or each stream.
Right, per stream :) That'd be cool.
There's a design tradeoff here: using a different address for each stream provides less linkability between streams on the same circuit. But it may confuse remote websites that expect all requests from a page to come from the same source IP address.
Could circuit vs stream be configurable in the client?
That would split the anonymity set of clients, making any client that chose the non-default option stand out.
Clients like Tor Browser already do some fairly complicated things to isolate circuits from different websites, and I wouldn't want to interfere with that.
I think we would probably choose an IP per stream, because our design is willing to compromise usability on a few websites for privacy on all.
I'll also talk to the Tor Browser folks about this, because they may have an opinion.
-- Tim / teor
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n