Re: posting hidden service descriptors
Hi James,
> I am trying to sort out a few low-level details about hidden services.
>
> I know that hidden servers must post their descriptors to the DAs
> anonymously to avoid exposing their IP addresses. Is this done through
> a normal (i.e. three hop) circuit? I suspect it is not because in
> src/or/circuitbuild.c there is a condition for creating one-hop tunnels
> and a log message "Launching a one-hop circuit for dir tunnel."
>
> My concern here is that using a one-hop circuit exposes the origin of
> the hidden service to that onion router (i.e. the one-hop). Even if the
> data the one-hop relays to the DA from the OP is encrypted, the one-hop
> still learns an IP address which originates some hidden service
> (although, it may not be certain which one exactly).
Just a guess: Maybe Tor is "cannibalizing" an already existing circuit
and adding another hop before connecting to the directory? A one-hop
solution would cause headaches for me, too. :)
Karsten