posting hidden service descriptors
James Muir
jamuir at scs.carleton.ca
Tue Mar 20 16:37:22 UTC 2007
I am trying to sort out a few low-level details about hidden services.
I know that hidden servers must post their descriptors to the DAs
anonymously to avoid exposing their IP addresses. Is this done through
a normal (i.e. three hop) circuit? I suspect it is not because in
src/or/circuitbuild.c there is a condition for creating one-hop tunnels
and a log message "Launching a one-hop circuit for dir tunnel."
My concern here is that using a one-hop circuit exposes the origin of
the hidden service to that onion router (i.e. the one-hop). Even if the
data the one-hop relays to the DA from the OP is encrypted, the one-hop
still learns an IP address which originates some hidden service
(although, it may not be certain which one exactly).
-James
More information about the tor-talk
mailing list