this post was submitted on 25 Aug 2023
21 points (100.0% liked)

Programming

13376 readers
1 users here now

All things programming and coding related. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
 

Read the doc, what are your thoughts?

you are viewing a single comment's thread
view the rest of the comments
[–] jarfil@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

IPv6 supports IPsec, but I think this proposal would be closer to Tor/I2P over IPv6.

For example, a client using an IPv6 ephemeral address, accessing a Tor hidden site, hosted on another client using an IPv6 ephemeral address, will both encrypt, and anonymize both endpoints, with a very short window for any de-anonymization attempts.

I2P will also scramble the whole connection over multiple circuits.

EDIT: reading closer the proposal, I see you only consider connections to public targets, with intermediate nodes keeping a cache of the circuit, and using a shortest path algorithm. It would seem to me that a client on IPv6 ephemeral using a HTTPS (with ECH) connection over Tor, would be safer than in this proposal. Choosing random intermediate nodes is a feature to reduce the chance of a single actor controlling all nodes on the path and being able to log the whole circuit.

I2P takes that a couple steps farther, adding more intermediate nodes, splitting the send and receive parts over different circuits, and expiring circuits periodically.