On Fri, 5 Feb 2021 08:51:56 -0500 David Goulet <dgou...@torproject.org> wrote:
> Can you expand here on why you think an operator using a /64 is worse than an
> operator using an IPv4 /24 to run their relays?

In IPv4, a single person will rarely have an entire /24 to themselves; as such,
connections coming from different IPs in a /24 are more often assumed to have no
relation to each other.

...but in IPv6 a single person *most often* will have a /64, or more. Given the
current kinds of deployments, maybe not always in datacenters, but always - on
broadband customer connections.

...so anyone and their dog can now be "using a /64" in IPv6, and if any
filtering, rate-limiting or banning solution happens to believe a /64 to be on
equal grounds with a /24 of IPv4, they can now gain the benefit of the doubt of
being considered as separate distinct entities, and reap whatever profit is to
be had from that, if any.

> We have large Exit operators on the network that have racks of servers but
> only have a /48 available to them and thus they run a "fleet" of Exits on that
> very close by address range.

A /48 is 65.5 thousand /64s, so they could use a separate /64 for each relay
and that'd still fit more relays than in the entire Tor network.

> As for sybil, we are looking for more than 2 relays per address which is the
> limit that has been for a long time now. That is true on IPv4 and IPv6 as
> well, the checked masks are /32 and /128 respectively.

The argument is that since a /64 in IPv6 is often controlled by a single person,
for the purposes of spam filtering, rate-limiting, or in this case sybil
detection, a /64 by itself should be equated to "an address" (or "one user"),
i.e. treated the same as 1 IP (/32) in the IPv4 world.

--
With respect,
Roman
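The difference between the two grouping masks discussed in this message, as an added example that is not part of the original e-mail and is not Tor's code. The function names, relay nicknames and addresses (documentation ranges) are constructed for illustration; the limit of 2 relays per key is the one quoted above.

```python
import ipaddress
from collections import defaultdict

# Limit quoted in the thread: more than 2 relays per "address" is flagged.
MAX_RELAYS_PER_KEY = 2


def grouping_key(addr, v6_prefix):
    """Network that counts as one entity: /32 for IPv4, /v6_prefix for IPv6."""
    ip = ipaddress.ip_address(addr)
    prefix = 32 if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def over_limit(relays, v6_prefix, limit=MAX_RELAYS_PER_KEY):
    """Return {network: [nicknames]} for every key holding more than `limit` relays."""
    groups = defaultdict(list)
    for nickname, addr in relays:
        groups[grouping_key(addr, v6_prefix)].append(nickname)
    return {str(net): sorted(names)
            for net, names in groups.items() if len(names) > limit}


# Constructed sample data (2001:db8::/32 and 192.0.2.0/24 are documentation ranges).
RELAYS = [
    # Three relays on distinct addresses inside ONE /64 (a typical broadband allocation).
    ("x1", "2001:db8:0:1::1"),
    ("x2", "2001:db8:0:1::2"),
    ("x3", "2001:db8:0:1::3"),
    # Two relays of a fleet, each on its own /64 out of a /48.
    ("y1", "2001:db8:0:2::1"),
    ("y2", "2001:db8:0:3::1"),
    # Three relays on a single IPv4 address.
    ("z1", "192.0.2.7"),
    ("z2", "192.0.2.7"),
    ("z3", "192.0.2.7"),
]

if __name__ == "__main__":
    # /128 mask: only the IPv4 address exceeds the limit; the /64 group goes unnoticed.
    print("per-/128:", over_limit(RELAYS, 128))
    # /64 mask: the three relays sharing one /64 are counted as one entity and flagged.
    print("per-/64: ", over_limit(RELAYS, 64))
```

With the /64 mask the fleet that places each relay in its own /64 is still not flagged, which matches the point made above about a /48.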