one less onion skin
Steve Southam
ssoutham at ironkey.com
Wed Mar 7 05:29:56 UTC 2007
I'm not sure if this really happens, but if you have a connection open
to an OR and a new circuit is required through it,
couldn't ORn-1 send a CREATE_FAST to ORn?
> Steve Southam wrote:
>> Is it because the ORs don't know where they are in the circuit?
>> Of course OR3 knows it's at the end, but the others either recognize
>> or relay.
>
> I agree that not using k_1, d_1 would allow OR1 to determine that they
> are the first node in a circuit. However, Tor clients already leak
> this information. The key agreement with OR1 is done using a
> "CREATE_FAST" command rather than a normal "CREATE". So, once an OR
> receives a "CREATE_FAST" it knows its position in the circuit. (it
> might be that Tor clients which are also onion routers themselves do
> not send "CREATE_FAST"... I am not sure)
>
> So the question is, if we have already leaked this information, are we
> wasting CPU cycles doing AES with OR1?
>
> -James
>
More information about the tor-talk
mailing list