[tor-relays] IPv6 to IPv4 tor exit relays would fix many daily tor-problems

teor teor2345 at gmail.com
Fri Jun 30 07:41:29 UTC 2017 

> On 30 Jun 2017, at 16:55, Scott Bennett <bennett at sdf.org> wrote:
> 
> grarpamp <grarpamp at gmail.com> wrote:
> 
>>> We don't know how to give users good anonymity when some relays can't
>>> connect to other relays. This would happen if we allowed IPv4-only relays
>>> and IPv6-only relays in the same network.
>> 
>> With "IPv6 only" relays available in the consensus the answer may be...
>> when their count is the same as when IPv4 relays were at the same count,
>> what was being stated and roughly understood about tor's anonymity back then?
>> And is it much different from today. And given respective traffic loadings, etc.

Tor client anonymity relies on every relay being able to connect to every
other relay (a "clique network").

Starting the network on IPv4 met this requirement. As did adding some
dual-stack relays, because every dual-stack relay could connect to
every other relay over IPv4.

But adding IPv6-only relays breaks the clique requirement.
We need researchers to help us work out how to add IPv6-only relays
(or any other relays that don't clique) and keep clients safe at the
same time.

Once we know how to do this, we can add code to make IPv6-only relays
work, and add them to the consensus, and tell clients to use them.

>     Also, is there a problem with having IPv6-only exit service where a
> relay is accessable via IPv4 for clients and other relays?

Most tor clients send a DNS name, and flags that say whether they
allow IPv4 and IPv6, and which one they prefer. They rely on the Exit
to resolve the IP address and connect to the site.

On the current network, an IPv6-only Exit won't get the Exit flag, and
therefore won't get much client traffic. And it probably shouldn't,
until almost all internet sites are on IPv6. Otherwise clients will
ask it to connect to IPv4-only sites, and it will fail them.

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170630/875373e7/attachment-0001.sig>

More information about the tor-relays mailing list