On Fri, 22 Jan 2021 12:02:50 -0500 Nick Mathewson <ni...@torproject.org> wrote:
> o Major bugfixes (authority, IPv6):
>   - Do not consider multiple relays in the same IPv6 /64 network to be
>     sybils. Fixes bug 40243; bugfix on 0.4.5.1-alpha.

Each /64 should be treated as an equivalent to 1 address in the IPv4 world, so it seems to me that the original code was correct.

Any home user gets at least one /64 from their ISP [1]. It is not the minimum routable block on the internet (as per bug report [2]), the minimum is actually a /48. But it is the minimum block that is usable on a LAN with SLAAC auto-configuration, and as such is the minimum block any ISP will provide to a home broadband subscriber.

Some server hosts do put multiple distinct users within the same /64 -- but they are wrong in doing that, there should be no pampering to that practice.

I suggest to carefully reconsider if giving a free pass to run any number of relays from a single /64, which are in most cases controlled entirely by a single user, and then relying on path selection to limit the damage, is not weakening the security model too much just to accommodate for a few bad webhosts.

[1] https://www.ripe.net/publications/docs/ripe-690/
[2] https://gitlab.torproject.org/tpo/core/tor/-/issues/40243

--
With respect,
Roman
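The difference between counting relays per IPv6 /64 and per individual address, as discussed in this message, can be seen in the following added example; it is not Tor's code or the poster's. The function names, the limit of 2 relays per key, and the relay list are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed per-key relay limit for this illustration (not taken from the post).
MAX_RELAYS_PER_KEY = 2


def sybil_key(addr, v6_prefix=64):
    """Return the network a relay address is counted under.

    IPv4 addresses are counted individually (/32); IPv6 addresses are
    collapsed to their enclosing /v6_prefix network.
    """
    ip = ipaddress.ip_address(addr)
    prefix = 32 if ip.version == 4 else v6_prefix
    # strict=False masks off the host bits instead of raising ValueError.
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def over_limit(relays, v6_prefix=64, limit=MAX_RELAYS_PER_KEY):
    """Group (nickname, address) pairs by key; return groups above the limit."""
    groups = defaultdict(list)
    for nick, addr in relays:
        groups[sybil_key(addr, v6_prefix)].append(nick)
    return {str(net): sorted(nicks)
            for net, nicks in groups.items() if len(nicks) > limit}


# Constructed sample relays on documentation ranges (RFC 3849, RFC 5737).
RELAYS = [
    ("a1", "2001:db8:0:1::10"),
    ("a2", "2001:db8:0:1::11"),
    ("a3", "2001:db8:0:1:ffff::1"),   # different host bits, same /64
    ("b1", "2001:db8:0:2::10"),       # neighbouring /64
    ("c1", "192.0.2.7"),
    ("c2", "192.0.2.7"),              # two relays on one IPv4 address
]

if __name__ == "__main__":
    # Counting per /64 groups a1..a3 together and exceeds the limit.
    print("per /64 :", over_limit(RELAYS, v6_prefix=64))
    # Counting per /128 treats every IPv6 address as its own key.
    print("per /128:", over_limit(RELAYS, v6_prefix=128))
```

With the /64 key, the three relays in `2001:db8:0:1::/64` are reported as one over-limit group; with the /128 key nothing is reported, since each IPv6 address counts separately.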