[tor-relays] pinning relay keys to IPs (or not)

starlight.2015q2 at binnacle.cx
Wed Jul 29 02:05:03 UTC 2015


>(where a lot of IPs changed their AS from
>IANA to Digital Ocean)

A couple of minor notes regarding ASNs:

1) many IPs fall under a hierarchy of
ASs where a large core-network provider
(e.g. Level3) advertises a block and a
second client leaf-AS advertises a sub-
block.  Sometimes the core AS advertises
the smaller blocks though that has
diminished with the CIDR route
consolidation initiative.  Also some
ASs advertise blocks and sub-blocks.
This shows up often with the CYMRU
lookup data 

dig +short D.C.B.A.origin.asn.cymru.com txt

and DNS will rotate the multiple
advertisements, so one should
sort the list by CIDR size and
select the smallest block (i.e.
largest CIDR "/" value).  Possibly
MaxMind takes care of all this in
their data.

2) one can likely ignore AS changes
when the IP has not changed, thus
avoiding problems caused by network
restructuring

3) perhaps many dynamic allocations
where the IP changes to different AS
can be detected by examining the AS
owner identifiers and looking for
a match

I agree guards are special and perhaps
should not be allowed to change ASs
at all without losing the flag,
maybe even should stay glued to
one IP to avoid any failed client
connections and the negative impact
that may have on anonymity.

It seems reasonable to allow dynamic-IP
middle and exit relays.
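
The selection rule from note 1, as an added example that is not part of the original message: parse every TXT answer, keep those that cover the address, and take the longest prefix regardless of the order DNS returned them in. It assumes the pipe-separated "ASN(s) | prefix | CC | registry | date" TXT layout of the origin lookup; the function names are hypothetical and the sample records are constructed.

```python
import ipaddress

# Constructed sample TXT answers (not real routing data); the ASNs are
# from the range reserved for documentation (64496-64511).
SAMPLE_TXT = [
    '"64496 | 198.51.0.0/16 | US | arin | 2001-01-01"',
    '"64500 64501 | 198.51.100.0/24 | US | arin | 2001-01-01"',
    '"64496 | 198.51.96.0/20 | US | arin | 2001-01-01"',
]


def parse_origin_record(txt):
    """Parse one TXT string into (asns, network); None if malformed."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) < 2:
        return None
    try:
        # The first field may list several origin ASNs for one prefix.
        asns = tuple(int(a) for a in fields[0].split())
        network = ipaddress.ip_network(fields[1], strict=False)
    except ValueError:
        return None
    return (asns, network) if asns else None


def most_specific_origin(ip, txt_records):
    """Return (asns, network) for the longest prefix covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for txt in txt_records:
        parsed = parse_origin_record(txt)
        if parsed is None:
            continue
        network = parsed[1]
        # Skip answers that do not actually cover the queried address.
        if network.version != addr.version or addr not in network:
            continue
        # Largest "/" value wins, independent of DNS answer rotation.
        if best is None or network.prefixlen > best[1].prefixlen:
            best = parsed
    return best


if __name__ == "__main__":
    asns, net = most_specific_origin("198.51.100.7", SAMPLE_TXT)
    print(net, asns)
```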


