one less onion skin
James Muir
jamuir at scs.carleton.ca
Wed Mar 7 05:07:25 UTC 2007
Steve Southam wrote:
> Is it because the ORs don't know where they are in the circuit?
> Of course OR3 knows it's at the end, but the others either recognize or
> relay.
I agree that not using k_1, d_1 would allow OR1 to determine that they
are the first node in a circuit. However, Tor clients already leak this
information. The key agreement with OR1 is done using a "CREATE_FAST"
command rather than a normal "CREATE". So, once an OR receives a
"CREATE_FAST" it knows its position in the circuit. (it might be that
Tor clients which are also onion routers themselves do not send
"CREATE_FAST"... I am not sure)
So the question is, if we have already leaked this information, are we
wasting CPU cycles doing AES with OR1?
-James
More information about the tor-talk
mailing list