> On 26 Oct 2017, at 10:39, Mirimir <miri...@riseup.net> wrote:
>
> On 10/25/2017 12:31 PM, teor wrote:
>>
>>> On 26 Oct 2017, at 10:23, Mirimir <miri...@riseup.net> wrote:
>>>
>>> On 10/25/2017 11:31 AM, Paul Templeton wrote:
>>>>
>>>>> How long is your relay blackholed for?
>>>> Usually 12Hrs - I'll look at a second IP to see if it helps a bit.
>>>>
>>>> Having the ability to rotate address would be good... :)
>>>>
>>>> Paul
>>>
>>> I wonder how quickly the subnet would get black-holed.
>>>
>>> I've thought of doing that with IPv6. With a /64, the relay could use a
>>> new OutboundBindAddress for each circuit.
>>
>> Or each stream.
>
> Right, per stream :) That'd be cool.
>
>> There's a design tradeoff here: using a different address for each stream
>> provides less linkability between streams on the same circuit. But it may
>> confuse remote websites that expect all requests from a page to come from
>> the same source IP address.
>
> Could circuit vs stream be configurable in the client?

That would split the anonymity set of clients, making any client that
chose the non-default option stand out.

Clients like Tor Browser already do some fairly complicated things to
isolate circuits from different websites, and I wouldn't want to interfere
with that.

>> I think we would probably choose an IP per stream, because our design is
>> willing to compromise usability on a few websites for privacy on all.

I'll also talk to the Tor Browser folks about this, because they may have
an opinion.

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays