[tor-bugs] #33241 [Core Tor/Tor]: Prop 312: 3.2.5. Use Directory Header IPv6 Addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 28 11:41:47 UTC 2020
#33241: Prop 312: 3.2.5. Use Directory Header IPv6 Addresses
---------------------------+------------------------------------
Reporter: teor | Owner: teor
Type: task | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: prop312, ipv6 | Actual Points:
Parent ID: #33049 | Points: 4
Reviewer: | Sponsor: Sponsor55-must
---------------------------+------------------------------------
Comment (by teor):
Here is my opinion on this feature:
This feature is complicated. It requires relays to regularly do
directory fetches over IPv6. These directory connections should be
over an ORPort, so that the addresses are authenticated.
As an alternative, we can use IPv6 addresses from NETINFO cells. But
relays still need to make regular IPv6 ORPort connections:
https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-
ipv6-addr.txt#n796
In both cases, the addresses should only come from outbound
connections. And we may only want to trust addresses from directory
authorities.
We can't make this change on bridges, because they have to imitate
clients. And clients don't try IPv4 and IPv6 connections yet. (See
proposal 306.)
This feature is also high-risk. If we make a mistake, we give network
adversaries the ability to set our IPv6 address. (But note that we
already accept this risk for IPv4.)
Overall, I think we should make this feature optional.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33241#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list