Scott Bennett <benn...@sdf.org> wrote: > teor <teor2...@gmail.com> wrote: > > > > > On 3 Oct 2017, at 03:07, Scott Bennett <benn...@sdf.org> wrote: > > > > >>> In the meantime, I think it would be great to have IPv6-only relays, to > > >>> avoid this kind of NAT-related issues. > > >> > > >> We'd love to make this happen, but the anonymity implications > > >> of mixed IPv4-only and IPv6-only (non-clique) networks need > > >> further research. Search the list archives for details. > > >> > > > Couldn't that be taken care of in the tor client code? For example, a > > > client, having chosen a path through which an IPv6-only relay, could > > > extend > > > the path by one hop to tunnel through a node with both types of interface > > > published? > > > > Yes, clients choose paths, and could choose them using these kinds of > > restrictions. But current tor relay versions won't extend to other relays > > over IPv6. Because we don't understand the anonymity implications of > > restricting the next relay in the path based on the previous relay. Which > > is why we need further research. > > Here's a procedure: if the next hop/destination does not use a protocol > in common with the client/current hop, a dual-protocoled node must be > interposed; else use the originally selected hop/destination directly. > The client-to-first-hop situation is analogous to using a set of entry guards > today, so that much should be okay. What do IPv6-only clients currently do? > Allowing IPv6 destinations today limits exit-hop selections to dual- > protocol-capable exit nodes, which is like using an "ExitNodesIPv6" (if there > were such a thing) line in torrc with a long and growing list of nodes. How > long would that list have to be for the warning on the man page under the > ExitNodes statement definition to become unimportant? How many were there > when IPv6 destinations were first allowed? > For interposing dual-protocoled nodes along the way, how many do there > have to be for it to become "not too limiting"? > > > > > A related question is can a relay with only an IPv4 address > > > published currently set an IPv6 OutboundBindAddress? > > > > Yes. This is useful for IPv6 exits without a fixed IPv6 ORPort address. > > > That's okay, but what if the node is an entry-and-middle node only? > Hmm. On second thought, it's *not* okay because it means that such a node cannot be a middle node because it could only connect to the IPv6 universe. Or the man page is wrong about OutboundBindAddress. Or there is something else amiss.
Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * ********************************************************************** _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays