IPv6 exit proposal
nickm at freehaven.net
Tue Jul 10 17:39:26 UTC 2007
On Sat, Jul 07, 2007 at 10:54:50AM -0700, coderman wrote:
> apologies for formatting; available at
> http://peertech.org/pub/tor-ipv6-exit-proposal.txt if this is
> Proposal : IPv6 exit
Added as proposal 117, and re-wrapped to fit in 80 columns; thanks!
> It should be noted that IPv4 mapped IPv6 addresses are not valid
> exit destinations. This mechanism is mainly used to interoperate
> with both IPv4 and IPv6 clients on the same socket. Any attempts
> to use an IPv4 mapped IPv6 address, perhaps to circumvent exit
> policy for IPv4, must be refused.
Alternatively, we could just apply IPv4 exit policies to IPv4-mapped
IPv6 addresses. Would that be cleaner?
> 1.3. DNS name resolution of IPv6 addresses (AAAA records)
> All routers which perform DNS resolution on behalf of clients
> (RELAY_RESOLVE) should perform and respond with both A and AAAA
Hm. We need some way to do this inside the current relay_resolve
format without confusing existing clients.
> 3. Questions and concerns
> 3.1. DNS A6 records
> A6 is explicitly avoided in this document. There are potential
> reasons for implementing this, however, the inherent complexity of
> the protocol and resolvers make this unappealing. Is there a
> compelling reason to consider A6 as part of IPv6 exit support?
I'm okay doing nothing with A6 for now.
> 3.3. Support for IPv6 only clients
> It may be useful to support IPv6 only clients using IPv4 mapped IPv6
> addresses. This would require transparent DNS proxy using IPv6
> transport and the ability to map A record responses into IPv4 mapped
> IPv6 addresses. The transparent TCP proxy would thus need to detect these
> mapped addresses and connect to the desired IPv4 host.
> The relative lack of any IPv6 only hosts or applications makes
> this a lot of work for very little gain. Is there a compelling
> reason to support this capability?
I'd like to add support for ipv6-only clients, but I think that's a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 652 bytes
Desc: not available
More information about the tor-dev