
one less onion skin



A typical Tor circuit looks like

OP -- OR1 -- OR2 -- OR3

where the three "--" links are all TLS connections. TLS protects the OP's communications from adversaries outside the network, but another layer of crypto (used inside TLS) is needed to protect them from the onion routers themselves (e.g. we don't want OR1 to learn the identity of OR3). Thus, the onion proxy (OP) negotiates AES keys and MAC keys with each onion router; call the AES keys k_1, k_2, k_3 and MAC keys d_1, d_2, d_3.

My question is this: why bother with k_1 and d_1? The communications between OP and OR1 don't need to be protected from the other onion routers. I understand the reason for using k_2,d_2 and k_3,d_3, but k_1,d_1 doesn't seem to be adding anything.

-James
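
A simplified model of the layering described in the post above, added here as an illustration and not part of the original message or of Tor's code. It wraps a payload under (k_3,d_3), (k_2,d_2), (k_1,d_1) and shows what each OR holds after removing its own layer. The cell layout, the function names, and the HMAC-SHA256 keystream (a stand-in for AES, which Python's standard library lacks) are assumptions.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES in counter mode: XOR data with an HMAC-SHA256 keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[off:off + 32], block))
    return bytes(out)

def add_layer(k: bytes, d: bytes, inner: bytes) -> bytes:
    # Assumed layout: 16-byte nonce || ciphertext || 32-byte MAC over nonce+ciphertext.
    nonce = os.urandom(16)
    ct = keystream_xor(k, nonce, inner)
    return nonce + ct + hmac.new(d, nonce + ct, hashlib.sha256).digest()

def peel_layer(k: bytes, d: bytes, cell: bytes) -> bytes:
    # Verify the MAC with d_i first, then decrypt with k_i.
    nonce, ct, tag = cell[:16], cell[16:-32], cell[-32:]
    if not hmac.compare_digest(tag, hmac.new(d, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")
    return keystream_xor(k, nonce, ct)

def build_onion(keys, payload: bytes) -> bytes:
    # OP side: innermost layer is for OR3, outermost for OR1.
    cell = payload
    for k, d in reversed(keys):
        cell = add_layer(k, d, cell)
    return cell

def route(keys, cell: bytes):
    """Return what each OR (OR1, OR2, OR3) holds after peeling its own layer."""
    views = []
    for k, d in keys:
        cell = peel_layer(k, d, cell)
        views.append(cell)
    return views

# Constructed sample keys (k_i, d_i) and payload, for illustration only.
KEYS = [(os.urandom(16), os.urandom(32)) for _ in range(3)]
PAYLOAD = b"GET / HTTP/1.0 (constructed sample payload)"

if __name__ == "__main__":
    views = route(KEYS, build_onion(KEYS, PAYLOAD))
    for i, v in enumerate(views, 1):
        print(f"OR{i} holds {len(v)} bytes, plaintext visible: {PAYLOAD in v}")
```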