[tor-talk] [Cryptography] Implementing full Internet IPv6 end-to-end encryption based on Cryptographically Generated Address

Alec Muffett alec.muffett at gmail.com
Fri Jan 25 11:32:27 UTC 2019


On Fri, 25 Jan 2019, 10:43 Mirimir <mirimir at riseup.net> wrote:

>
> I don't do audio on this box.


I'll wait; most questions about "what do [I] mean?" are answered in that
video.

> Let's say that I have a bunch of VPS, running Tor and OnionCat. Each has
> the others' OnionCat IPv6 addresses in its /etc/hosts. Now I can use any
> app that talks TCP/IP, without customization (except re latency).
>

How are you going to inhibit leaks and connections to "promiscuous" service
listener-sockets over the LAN interface? Perhaps firewalls? Yet more /
additional server misconfiguration opportunities?

Safer, instead, for the client to be clear and explicit about what manner
of network address it wishes to connect to.


> I'm sure that one could write code that did all the same stuff, using
> actual v3 onion hostnames.



I've done similar hacks using /etc/hosts:

https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md

... but that is mostly a server-side convenience, and not strictly
necessary.


> What do you mean by "services"?


As above.


> If all you have is SOCKS5, you're pretty
> limited.


My experience suggests otherwise, and I am calling for expansion in this
space.


> you use shims like AF_X25. I never had to use that, but I'm sure that
> OnionCat is far less hassle.
>

How many systems do you have using it?

-a
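
The leak concern raised in this message, as an added example that is not part of the original post: a Python check that flags listening sockets bound to wildcard or LAN addresses on a host meant to be reachable only over OnionCat. The `ss -ltnH` sample is constructed, and the function names are hypothetical; fd87:d87e:eb43::/48 is the prefix OnionCat uses.

```python
import ipaddress

# OnionCat assigns each onion service an address inside this IPv6 prefix.
ONIONCAT_NET = ipaddress.ip_network("fd87:d87e:eb43::/48")

# Constructed sample of `ss -ltnH` output; addresses and ports are made up.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 511 [fd87:d87e:eb43:1234:5678:9abc:def0:1234]:80 [::]:*
LISTEN 0 128 [::]:5432 [::]:*
LISTEN 0 128 192.168.1.10:6379 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
"""


def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
    return host, int(port)


def classify(host):
    """Return 'loopback', 'onioncat' or 'exposed' for a bind address."""
    if host == "*":  # ss prints * for a dual-stack wildcard bind
        return "exposed"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr in ONIONCAT_NET:
        return "onioncat"
    return "exposed"  # 0.0.0.0, ::, or a LAN/public interface address


def audit(ss_output):
    """Return (host, port, verdict) for every LISTEN line."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            host, port = split_local(fields[3])
            results.append((host, port, classify(host)))
    return results


def exposed_listeners(ss_output):
    """Listeners reachable from outside loopback and the OnionCat prefix."""
    return [(h, p) for h, p, v in audit(ss_output) if v == "exposed"]
```

On a live host, pass the output of `ss -ltnH` to `exposed_listeners()`; any entry it returns is a service that answers on an interface other than loopback or the OnionCat tunnel.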

