On 5 Jul 2017, at 10:27, Fof582 fof582@protonmail.com wrote:
Most tor clients send a DNS name, and flags that say whether they allow IPv4 and IPv6, and which one they prefer. They rely on the Exit to resolve the IP address and connect to the site.
On the current network, an IPv6-only Exit won't get the Exit flag, and therefore won't get much client traffic. And it probably shouldn't, until almost all internet sites are on IPv6. Otherwise clients will ask it to connect to IPv4-only sites, and it will fail them.
But that's exactly the case in a "tor exit that can only be reached by ipv6, but reach itself ipv4 and ipv6". Can such an exit be run at the moment? IPv6 can be used on such an exit for in+out-traffic, IPv4 can be used to reach out everything - it's just behind a NAT. IPv4-only sites can be reached from the exit. The only case is that the exit itself can only be reached over IPv6 because of IPv4-NAT.
No, Exits need bidirectional connectivity over IPv4, because clients need to build circuits to them via IPv4-only middle relays. (Otherwise the Exit would have to connect out to the middle relay before the path would work, which breaks the clique requirement.)
A similar requirement applies to all public relays, and will continue to apply, until some researchers show how to preserve client anonymity in a non-clique network.
IPv6-only bridges are a special case, because they only connect out. And they look like clients to the rest of the network. We just need to fix the Tor code that makes them work:
https://trac.torproject.org/projects/tor/ticket/4847
T

--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org