[tor-relays] Auto-detect and enable IPv6 // Re: Please enable IPv6 on your relay!

Speak Freely when2plus2is5 at riseup.net
Fri May 22 13:31:02 UTC 2015 

Roman,

First, I would like to apologize for the language below. It's not the
nicest way for me to communicate, but I wrote it all down and don't want
to have to re-write it to soften the content. An apologetic disclaimer
is what you get instead. :)

I'm sorry for the vulgarity.

--------------------------------------------------------------

Uhh, I would like to point out that it would be exceptionally stupid
to have Tor autoconfigure IP addresses, regardless of whether it's
IPv4 or IPv6.

Unless of course you have some automagical way of Tor determining
which IP address you want to use. I'm sure fairy dust can be used to
determine which  IP address you want to use, but I can't think of a
single method for any application to correctly guess which IP address
you want to use that doesn't include Tinker Bell and her tiny friends.

The examples you provided are for servers with 1 single IP address, a
relatively trivial system. In that case, it's easy to guess which IP
to use. So yes, Tor can *guess* which IPv4 to use, but it's a fecking
guess! STUPID!

What if I want to run a webserver on one IP address, and Tor on
another? What if I decide to also run a mail server on a third IP
address? What if I want to run an Onion Service? What if I have a
beefy system with quad 100mbit connections and want to run 4 Tor
relays on the same system? What about a complicated network setup that
uses VMs and requires punching through NAT and port forwarding through
two firewalls to the outside world? Does Apache correctly guess which
IP you want to use, when there are multiple choices? Does your
favourite mail server *know* which IP address to use? NO! So why
should Tor be made of fairy dust?

A certain lack of understanding of best practices seems to be your
problem, not Tor's. This is a security *FEATURE*. The consequences of
magic can be catastrophic, and you should be able to understand the very
real and serious implications. We're all running relays for what is
arguably the very best anonymity software available, not minecraft
servers. You need to take security seriously.

Write a script if it's such a problem! Learn to love sed. This is a
non-problem. This is trivial. You're running 15 relays - which is
awesome, so you're not retarded - you can do this. But seriously, you
need to think about what you just said, and why it's such a terrible idea.

Accusing the developers of a lack of understanding is wholly
unwarranted. You should apologize.



Regards,

Matt
Speak Freely

More information about the tor-relays mailing list