On Mon, 31 Jan 2005, Paul Forgey wrote:
> What if a hostile _first_ node from your node were to pretend to honor
> your extend requests and complete the connection to the exit point, yet
> capture everything that happens? Such a node would be able to determine
> that it is the first hop from a particular connection because it would
> be able to see clear text data.

Your onion proxy, that is, the Tor instance that runs locally, is doing
crypto too. It verifies that it actually talks to the nodes it thinks
it talks to, it encrypts your traffic etc. No node but the last node
can see the plain text. No node can fool you into thinking it did
extend to another node when it didn't.
That's assuming no bugs and the crypto isn't flawed.
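
The two guarantees in the reply above (only the last node sees plaintext; a node cannot fake an extend), sketched as an added example that is not part of the original message and is not Tor's code. It assumes a toy Diffie-Hellman group, a SHA-256 keystream in place of Tor's AES, a static-key confirmation tag in place of Tor's real handshake, and direct calls instead of relayed cells; all names are hypothetical.

```python
import hashlib, hmac, secrets
P, G = 2**255 - 19, 2  # toy group (assumption), not Tor's real handshake parameters

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); applying it twice removes a layer."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def derive(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

class Relay:
    def __init__(self):
        self.secret = secrets.randbelow(P - 2) + 1   # long-term private key
        self.public = pow(G, self.secret, P)         # what the directory publishes

    def handshake(self, client_pub: int) -> bytes:
        """Answer an extend: derive this hop's key and return a confirmation tag."""
        self.key = derive(pow(client_pub, self.secret, P))
        return hmac.new(self.key, b"confirm", hashlib.sha256).digest()

def client_extend(directory_pub: int, responder: Relay) -> bytes:
    """Onion proxy side: accept a hop only if the tag proves the directory key's owner answered."""
    x = secrets.randbelow(P - 2) + 1
    tag = responder.handshake(pow(G, x, P))
    key = derive(pow(directory_pub, x, P))
    expected = hmac.new(key, b"confirm", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("extend was not answered by the intended relay")
    return key

def demo():
    guard, middle, exit_ = Relay(), Relay(), Relay()
    keys = [client_extend(r.public, r) for r in (guard, middle, exit_)]
    cell = b"GET / HTTP/1.0\r\n\r\n"                 # constructed sample payload
    for k in reversed(keys):                         # innermost layer is the exit's
        cell = keystream_xor(k, cell)
    at_guard = keystream_xor(guard.key, cell)        # first hop removes only its own layer
    at_exit = keystream_xor(exit_.key, keystream_xor(middle.key, at_guard))
    # A hostile first hop that answers the extend itself lacks the middle relay's key.
    try:
        client_extend(middle.public, Relay())
        fooled = True
    except ValueError:
        fooled = False
    return at_guard, at_exit, fooled
```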