one less onion skin

James Muir jamuir at scs.carleton.ca
Wed Mar 7 04:11:16 UTC 2007


A typical Tor circuit looks like

OP -- OR1 -- OR2 -- OR3

where the three "--" links are all TLS connections.  TLS protects the 
OP's communications from adversaries outside the network, but another 
layer of crypto (used inside TLS) is needed to protect them from the 
onion routers themselves (e.g. we don't want OR1 to learn the identity 
of OR3).  Thus, the onion proxy (OP) negotiates AES keys and MAC keys 
with each onion router; call the AES keys k_1, k_2, k_3 and MAC keys 
d_1, d_2, d_3.

My question is this:  why bother with k_1 and d_1?  The communications 
between OP and OR1 don't need to be protected from the other onion 
routers.  I understand the reason for using k_2,d_2 and k_3,d_3, but 
k_1,d_1 doesn't seem to be adding anything.

-James
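
A minimal model of the layering described in the message above, added here as an example; it is not part of the original post and is not Tor's code. It assumes a SHA-256 counter keystream as a stand-in for AES and HMAC-SHA256 for the MACs, and all function names are hypothetical.

```python
import hashlib, hmac, os

TAG = 32  # HMAC-SHA256 tag length in bytes

def keystream(key, n):
    # Stand-in for AES in counter mode (assumption): SHA-256 over key||counter.
    # Each key encrypts a single message in this model.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(key, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def add_layer(k, d, inner):
    # Encrypt under k_i, then MAC the ciphertext under d_i.
    body = xor(k, inner)
    return hmac.new(d, body, hashlib.sha256).digest() + body

def peel_layer(k, d, cell):
    # What OR_i does: verify its MAC, then strip its encryption layer.
    tag, body = cell[:TAG], cell[TAG:]
    if not hmac.compare_digest(tag, hmac.new(d, body, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")
    return xor(k, body)

def build_onion(hops, payload):
    # OP side: wrap for OR3 first, OR1 last, so OR1's layer is outermost.
    cell = payload
    for k, d in reversed(hops):
        cell = add_layer(k, d, cell)
    return cell

def route(hops, cell):
    # Walk OP -- OR1 -- OR2 -- OR3, recording the bytes each OR receives
    # (the content carried inside that link's TLS connection).
    seen = []
    for k, d in hops:
        seen.append(cell)
        cell = peel_layer(k, d, cell)
    return seen, cell

def demo():
    # hops[i] = (k_{i+1}, d_{i+1}); keys and payload are constructed samples.
    hops = [(os.urandom(16), os.urandom(32)) for _ in range(3)]
    payload = b"constructed sample payload"
    seen, out = route(hops, build_onion(hops, payload))
    return payload, seen, out
```
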


