[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

posting hidden service descriptors

I am trying to sort out a few low-level details about hidden services.

I know that hidden servers must post their descriptors to the DAs anonymously to avoid exposing their IP addresses. Is this done through a normal (i.e. three hop) circuit? I suspect it is not because in src/or/circuitbuild.c there is a condition for creating one-hop tunnels and a log message "Launching a one-hop circuit for dir tunnel."

My concern here is that using a one-hop circuit exposes the origin of the hidden service to that onion router (i.e. the one-hop). Even if the data the one-hop relays to the DA from the OP is encrypted, the one-hop still learns an IP address which originates some hidden service (although, it may not be certain which one exactly).