[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: one less onion skin

To: or-talk@xxxxxxxxxxxxx
Subject: Re: one less onion skin
From: Steve Southam <ssoutham@xxxxxxxxxxx>
Date: Tue, 06 Mar 2007 21:29:56 -0800
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 07 Mar 2007 00:30:01 -0500
In-reply-to: <45EE488D.5050402@scs.carleton.ca>
References: <45EE3B64.7060909@scs.carleton.ca> <45EE460E.4040306@ironkey.com> <45EE488D.5050402@scs.carleton.ca>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (Windows/20061207)

I'm not sure if this really happens, but if you have a connection open to an OR and a new circuit is required through it, couldn't ORn-1 send a CREATE_FAST to ORn?

Steve Southam wrote:
Is it because the ORs don't know where they are in the circuit? Of course OR3 knows it's at the end, but the others either recognize or relay.
I agree that not using k_1, d_1 would allow OR1 to determine that they are the first node in a circuit. However, Tor clients already leak this information. The key agreement with OR1 is done using a "CREATE_FAST" command rather than a normal "CREATE". So, once an OR receives a "CREATE_FAST" it knows its position in the circuit. (it might be that Tor clients which are also onion routers themselves do not send "CREATE_FAST"... I am not sure)

So the question is, if we have already leaked this information, are we wasting CPU cycles doing AES with OR1?
-James

Follow-Ups:
- Re: one less onion skin
  - From: James Muir

References:
- one less onion skin
  - From: James Muir
- Re: one less onion skin
  - From: Steve Southam
- Re: one less onion skin
  - From: James Muir

Prev by Author: Re: one less onion skin
Next by Author: Re: Warnings on the download page
Previous by thread: Re: one less onion skin
Next by thread: Re: one less onion skin
Index(es):
- Author
- Thread