[tor-onions] Probably-stupid question about Circuit IDs
Alec Muffett
alec.muffett at gmail.com
Sat Sep 22 18:50:27 UTC 2018
On Sat, 22 Sep 2018 at 19:28, Dave Rolek <dmr-x at riseup.net> wrote:
> The circID is scoped under a given connection between adjacent nodes.
>
> A relay node maintains a mapping of circIDs for a circuit - mapping the
> forward and backward circID - for traffic it is relaying.
>
> So for a circuit ...
> client <-ID_a-> guard <-ID_b-> middle <-ID_c-> exit
>
> ... each of the ID_*s are independent, and any node only knows the IDs
> immediately "adjacent" to it. Each connection (e.g. each client to that
> guard) has a independent enumeration/allocation of IDs.
That is an awesome explanation, thank you ever so much.
If I read that right, to the most that an attacker with observability of
the Cloudflare IP addresses could get, is either ...
( using the nomenclature from the diagram at
https://twitter.com/AlecMuffett/status/926032680055201792 )
1) correlation backwards to "Server Side Middle 1" for browsing a normal
onion over Tor; or...
2) correlation backwards to "Client Side Middle" for browsing a single-hop
onion over Tor
Am I correct? That latter seems not very much worse than the information
which a compromised exit node would be able to obtain ("Browsing Normal Web
over Tor") although it would be a lot more available when the circID is
presented to the any backbone observer who can sniff IPv6?
-a
--
>
http://dropsafe.crypticide.com/aboutalecm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20180922/1665df53/attachment.html>
More information about the tor-onions
mailing list