[tor-dev] Proposal: Single onion services

John Brooks john.brooks at dereferenced.net
Sat Sep 5 22:09:48 UTC 2015


tordev123 at Safe-mail.net wrote:
>> The final circuit looks like:
>> 
>> Client -> Guard -> Middle -> Middle -> Single Onion
>> 
>> The client’s traffic is encrypted through to the single onion server as
>> well.
> 
> IMO, the second Middle relay can be considered serving as an exit with regard to Single Onion services - that's what I meant with 'exit node lite'.
> 
> There was the case of an Austrian exit node operator getting prosecuted. It will sometimes be possible to attribute traffic relating to specific transactions to the second Middle node in the path (e.g. when the single onion server keeps detailed logs). So the circumstances of that case could apply to a non-exit relay operator as well.
> 
> Your proposal is shifting non-exit relays towards performing a role that can be considered exit-like, even if that role is much more limited than normal exits (and there is an additional Tor protocol layer involved).

I see at least two important distinctions:

1) A single onion service is intentionally supporting tor users. Unlike an exit relay, you’re never connecting to anything that isn’t explicitly intended to accept tor.

2) The second middle relay in this circuit has no useful information - even less than an exit relay in a traditional circuit.

I don’t think this role can be considered “exit-like” in any way. A single onion service is effectively part of the tor network, even if it’s not relaying other traffic.

- special


