On 30 Jun 2017, at 16:55, Scott Bennett bennett@sdf.org wrote:
grarpamp grarpamp@gmail.com wrote:
We don't know how to give users good anonymity when some relays can't connect to other relays. This would happen if we allowed IPv4-only relays and IPv6-only relays in the same network.
With "IPv6 only" relays available in the consensus the answer may be... when their count is the same as when IPv4 relays were at the same count, what was being stated and roughly understood about tor's anonymity back then? And is it much different from today? And given respective traffic loadings, etc.
Tor client anonymity relies on every relay being able to connect to every other relay (a "clique network").
Starting the network on IPv4 met this requirement. As did adding some dual-stack relays, because every dual-stack relay could connect to every other relay over IPv4.
But adding IPv6-only relays breaks the clique requirement. We need researchers to help us work out how to add IPv6-only relays (or any other relays that don't clique) and keep clients safe at the same time.
Once we know how to do this, we can add code to make IPv6-only relays work, and add them to the consensus, and tell clients to use them.
Also, is there a problem with having IPv6-only exit service where a relay is accessible via IPv4 for clients and other relays?
Most tor clients send a DNS name, and flags that say whether they allow IPv4 and IPv6, and which one they prefer. They rely on the Exit to resolve the IP address and connect to the site.
On the current network, an IPv6-only Exit won't get the Exit flag, and therefore won't get much client traffic. And it probably shouldn't, until almost all internet sites are on IPv6. Otherwise clients will ask it to connect to IPv4-only sites, and it will fail them.
T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
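The clique requirement discussed in this thread can be checked on a toy relay list. The following is an added example, not part of the original messages and not Tor code; the relay names are constructed, and it assumes two relays can connect exactly when they share an address family.

```python
from itertools import combinations, permutations

# Constructed sample relays (hypothetical nicknames): the address
# families each relay can use for relay-to-relay connections.
RELAYS = {
    "v4a": {"ipv4"},
    "v4b": {"ipv4"},
    "dual1": {"ipv4", "ipv6"},
    "dual2": {"ipv4", "ipv6"},
    "v6only": {"ipv6"},
}

def can_connect(a, b, relays=RELAYS):
    """Assumption: a link works only if both ends share an address family."""
    return bool(relays[a] & relays[b])

def broken_pairs(relays=RELAYS):
    """Relay pairs that cannot connect to each other."""
    return [(a, b) for a, b in combinations(sorted(relays), 2)
            if not can_connect(a, b, relays)]

def is_clique(relays=RELAYS):
    """True when every relay can connect to every other relay."""
    return not broken_pairs(relays)

def buildable_paths(relays=RELAYS):
    """Return (buildable, total) over ordered 3-relay paths.

    A path counts as buildable when both relay-to-relay hops
    (first to second, second to third) can connect.
    """
    ok = total = 0
    for first, second, third in permutations(sorted(relays), 3):
        total += 1
        if can_connect(first, second, relays) and can_connect(second, third, relays):
            ok += 1
    return ok, total

if __name__ == "__main__":
    without_v6only = {n: f for n, f in RELAYS.items() if n != "v6only"}
    print("IPv4 + dual-stack only:", is_clique(without_v6only),
          buildable_paths(without_v6only))
    print("with an IPv6-only relay:", is_clique(), buildable_paths())
    print("pairs that cannot connect:", broken_pairs())
```

With only IPv4 and dual-stack relays every 3-relay path is buildable; adding one IPv6-only relay leaves some paths unbuildable, so the set of possible paths depends on which relays are involved.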