[tor-relays] About relay size

teor teor2345 at gmail.com
Tue Oct 3 13:53:46 UTC 2017


> On 3 Oct 2017, at 08:52, Scott Bennett <bennett at sdf.org> wrote:
> 
> teor <teor2345 at gmail.com> wrote:
> 
>> 
>> On 3 Oct 2017, at 03:07, Scott Bennett <bennett at sdf.org> wrote:
>> 
>>>>> In the meantime, I think it would be great to have IPv6-only relays, to
>>>>> avoid this kind of NAT-related issues.
>>>> 
>>>> We'd love to make this happen, but the anonymity implications
>>>> of mixed IPv4-only and IPv6-only (non-clique) networks need
>>>> further research. Search the list archives for details.
>>>> 
>>>    Couldn't that be taken care of in the tor client code?  For example, a
>>> client, having chosen a path through which an IPv6-only relay, could extend
>>> the path by one hop to tunnel through a node with both types of interface
>>> published?
>> 
>> Yes, clients choose paths, and could choose them using these kinds of
>> restrictions. But current tor relay versions won't extend to other relays
>> over IPv6. Because we don't understand the anonymity implications of
>> restricting the next relay in the path based on the previous relay. Which
>> is why we need further research.
> 
>     Here's a procedure:  if the next hop/destination does not use a protocol
> in common with the client/current hop, a dual-protocoled node must be
> interposed; else use the originally selected hop/destination directly.

But is this procedure safe?
And is it an efficient use of resources to add extra hops?
(That is, is there a more efficient 3-hop algorithm that's just as safe?)
We need research to answer these questions.

> The client-to-first-hop situation is analogous to using a set of entry guards
> today, so that much should be okay.  What do IPv6-only clients currently do?

Choose a relay with an IPv6 ORPort.
(Or configure a bridge with an IPv6 ORPort or pluggable transport.)

IPv6-only clients need to be manually configured using "ClientUseIPv4 0",
because this feature is still experimental. We think it will be safer when all
dual-stack clients use some IPv6 guards.

>     Allowing IPv6 destinations today limits exit-hop selections to dual-
> protocol-capable exit nodes

No, IPv4-only exits are still useful and used, because tor clients typically
send DNS names to exits. IPv6 DNS records typically have IPv4 as well,
so any exit will work. (There's a ticket for better handling of DNS that
only resolves to IPv6.)

And in the rare case of address literals, the client can choose a capable
exit. (I think there's a ticket for this, too.)

> which is like using an "ExitNodesIPv6" (if there
> were such a thing) line in torrc with a long and growing list of nodes.

There are flags on SOCKSPort for IP versions, including PreferIPv6, which
is the default.

> How
> long would that list have to be for the warning on the man page under the
> ExitNodes statement definition to become unimportant?  How many were there
> when IPv6 destinations were first allowed?

The situation isn't analogous.

For safety, IPv6 exit destinations were turned off by default until we had enough
IPv6 exits. Now they are on by default.

But we haven't done the same thing for relays, because we don't know how to
design the feature so it's safe.

>     For interposing dual-protocoled nodes along the way, how many do there
> have to be for it to become "not too limiting"?

This is one of the questions we need researchers to answer.

>>> A related question is can a relay with only an IPv4 address
>>> published currently set an IPv6 OutboundBindAddress?
>> 
>> Yes. This is useful for IPv6 exits without a fixed IPv6 ORPort address.
>> 
>     That's okay, but what if the node is an entry-and-middle node only?

Relays don't extend to IPv6, so you can set the option, but it won't do
anything, because there are no outbound IPv6 connections.

Tim


More information about the tor-relays mailing list