On Sat, 22 Sep 2018 at 19:28, Dave Rolek dmr-x@riseup.net wrote:
The circID is scoped under a given connection between adjacent nodes.
A relay node maintains a mapping of circIDs for a circuit - mapping the forward and backward circID - for traffic it is relaying.
So for a circuit ... client <-ID_a-> guard <-ID_b-> middle <-ID_c-> exit
... each of the ID_*s are independent, and any node only knows the IDs immediately "adjacent" to it. Each connection (e.g. each client to that guard) has an independent enumeration/allocation of IDs.
That is an awesome explanation, thank you ever so much.
If I read that right, the most that an attacker with observability of the Cloudflare IP addresses could get is either ...
( using the nomenclature from the diagram at https://twitter.com/AlecMuffett/status/926032680055201792 )
1) correlation backwards to "Server Side Middle 1" for browsing a normal onion over Tor; or...
2) correlation backwards to "Client Side Middle" for browsing a single-hop onion over Tor
Am I correct? That latter seems not very much worse than the information which a compromised exit node would be able to obtain ("Browsing Normal Web over Tor") although it would be a lot more available when the circID is presented to any backbone observer who can sniff IPv6?
-a
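
A simplified model of the per-connection circID mapping described in the quoted explanation, as an added example that is not part of the original message and is not Tor's code. The class names, node labels and the counter used to allocate IDs are assumptions made for illustration.

```python
import itertools

class Connection:
    """A link between two adjacent nodes; circIDs are scoped to this link."""
    def __init__(self, label):
        self.label = label
        # Assumption: a counter stands in for the real circID allocation.
        self._ids = itertools.count(1)

    def new_circ_id(self):
        return next(self._ids)

class Relay:
    """Holds only the circIDs on the connections adjacent to this relay."""
    def __init__(self, name):
        self.name = name
        self.table = {}  # (connection, circID) <-> (connection, circID)

    def splice(self, backward, forward):
        # Record the mapping in both directions for relayed traffic.
        self.table[backward] = forward
        self.table[forward] = backward

def build_circuit(first_conn, relays, onward_conns):
    """Allocate one circID per hop; return [ID_a, ID_b, ID_c]."""
    hop = (first_conn, first_conn.new_circ_id())
    ids = [hop[1]]
    for relay, conn in zip(relays, onward_conns):
        nxt = (conn, conn.new_circ_id())
        relay.splice(hop, nxt)
        hop = nxt
        ids.append(nxt[1])
    return ids

def demo():
    guard, middle = Relay("guard"), Relay("middle")
    alice, bob = Connection("alice-guard"), Connection("bob-guard")
    gm, me = Connection("guard-middle"), Connection("middle-exit")
    a_ids = build_circuit(alice, [guard, middle], [gm, me])
    b_ids = build_circuit(bob, [guard, middle], [gm, me])
    # Connections the middle relay has any circID state for.
    middle_sees = {conn.label for conn, _ in middle.table}
    return a_ids, b_ids, guard.table[(alice, 1)], guard.table[(bob, 1)], middle_sees

if __name__ == "__main__":
    print(demo())
```

Both clients use circID 1 toward the guard without colliding because the table key includes the connection, and the middle relay holds no state for either client-guard link.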