> On 26 Oct 2017, at 10:23, Mirimir <miri...@riseup.net> wrote: > > On 10/25/2017 11:31 AM, Paul Templeton wrote: >> >>> How long is your relay blackholed for? >> Usually 12Hrs - I'll look at a second IP to see if it helps a bit. >> >> Having the ability to rotate address would be good... :) >> >> Paul > > I wonder how quickly the subnet would get black-holed. > > I've thought of doing that with IPv6. With a /64, the relay could use a > new OutboundBindAddress for each circuit.
Or each stream. There's a design tradeoff here: using a different address for each stream provides less linkability between streams on the same circuit. But it may confuse remote websites that expect all requests from a page to come from the same source IP address. I think we would probably choose an IP per stream, because our design is willing to compromise usability on a few websites for privacy on all. > But maybe the /64 would just > get black-holed. Maybe. Shall we try it and see? > DirPort and ORPort would, of course, be IPv4. Relays must have an IPv4 ORPort. Relays should also declare (if possible): * an IPv4 DirPort, to help other relays and tools like stem * an IPv6 ORPort, to help IPv6 clients T -- Tim / teor PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
