Hi,
Sorry I missed these emails. I was on leave around Christmas, and then I was focused on the Relay IPv6 grant when I got back.
On 22 Dec 2019, at 06:28, ILikeTor iliketor@cock.li wrote:
I was wondering how you will implement IPv6-only relays.
IPv6-only relays are out of scope for this sponsor.
We can't add IPv6-only relays, until we have more dual-stack relays. (Or until researchers tell us how to get good user anonymity in non-clique networks.)
So this sponsor is focused on adding more dual-stack relays.
What limits will you set on how many relays can be per /(something)? Will you allow only two relays per /64, for example? Do you have any plans for that already?
We have a draft proposal: * AuthDirMaxServersPerIPv6Site counts relays in a /64 * We will analyse the current number of relays in each /64 on the tor network, to choose a default value * We expect the default to be between 4 and 50
https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...
This is an optional change, so we might not do it as part of this sponsored work. (The sponsored work goes for the next 6 months.)
On 22 Dec 2019, at 07:26, NOC tor@afo-tm.org wrote:
On 21.12.2019 21:28, ILikeTor wrote:
[..] only two relays per /64, for example? Do you have any plans for that already?[..]
That is already a bad practice for IPv4 and is impossible to do for IPv6. There are server providers which give you a single IPv6 address (/128) and there are some which give you /48. And because some give Additional IP space like candy this limit is dead with IPv6. And I would be very happy to have this restriction to be removed for IPv4 too because it makes no sense till there is proper multi threading, it sucks to waste IP space just because of this nonsense.
I would like better multithreading in Tor. We have designs, but we need more funding (or volunteers) to do projects like this.
One of the tricky parts of multithreading is making all of tor's code more independent. That's hard work!
I would also like to have a better way to resist sybil attacks than using IP addresses. We need help from researchers to come up with better designs.
You can ask the new network health team if you'd like to know more about on resisting bad relays on the network: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkHealthTeam
We also might need a design where new relays go in a separate document, until they have been checked for bandwidth (and any other automatic checks we can do).
T