[tor-dev] Not enabling IPv6 on check.torproject.org?

teor teor2345 at gmail.com
Thu Aug 18 21:51:25 UTC 2016


> On 18 Aug 2016, at 23:06, Iain R. Learmonth <irl at torproject.org> wrote:
> 
> Hi,
> 
> On Thu, Aug 18, 2016 at 11:13:08AM +0000, isis agora lovecruft wrote:
>> - Patching Check [1] to use server descriptors (rather than networkstatus
>>   documents) and to additionally (in the Stem script) pull IPv6 addresses
>>   from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.
> 
> With IPv6 this can be more complicated, as relays may be using "Privacy
> Extensions for Stateless Address Autoconfiguration in IPv6" (RFC4941) which
> means that these IP addresses may change often.
> 
> We should probably give some advice to relay operators to ask them to
> disable privacy extensions?

Relays which change IPv6 addresses can be a good thing, because it allows clients to avoid Exit IPv6 blocks.
But it also makes check.torproject.org unreliable.

Rather than removing a useful block-evasion feature, maybe we could redesign check.torproject.org to check a few different exit addresses?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160819/2d101642/attachment.sig>


More information about the tor-dev mailing list