Hi Mahrud,
On 23 Sep 2018, at 12:10, Mahrud S <dinovirus@gmail.com> wrote:

> In short, yes. I think everything mentioned above is correct, and I'm not sure what else to add.

I'm still not quite clear on some of the details:

> On Sat, Sep 22, 2018 at 9:09 PM teor <teor@riseup.net> wrote:
>
>> On 23 Sep 2018, at 04:50, Alec Muffett <alec.muffett@gmail.com> wrote:
>>
>>> That latter seems not very much worse than the information which a compromised exit node would be able to obtain ("Browsing Normal Web over Tor") although it would be a lot more available when the circID is presented to any backbone observer who can sniff IPv6?
>>
>> This IPv6 address isn't in the IP header of the packets between Cloudflare's onion service and Cloudflare's proxy.
>>
>> It's sent inside the TCP (or TLS?) connection between the Tor onion service and the proxy instance, as a text header before any other inner TCP or TLS:
>> https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
>>
>> If Cloudflare encrypts their onion service to proxy connections (and they should), the circuit id will only be known to the onion service and its guard (or rendezvous point, for a single-hop onion service connection).

Are the connections between Cloudflare's Tor onion service and Cloudflare's proxy instance encrypted?

>> Alternately, if Cloudflare hosts its onions in the same data centre as the proxies they talk to, then the risk of interception is low.

Does Cloudflare host its onion services in the same data centre as the proxies they talk to?

>> Then, if the proxy strips out this header before sending the request to the origin site, or connects to the origin site using TLS, then this IP address shouldn't be visible on the backbone.

Does the Cloudflare proxy strip out the PROXY header? Or does it get transformed into X-Forwarded-For? (Or something similar?)

>> Also note: the CloudFlare dashboard shows the circuit id to site owners:
>> https://blog.cloudflare.com/cloudflare-onion-service/
>>
>> I can't see how having the actual circuit id is useful to site owners. They can't block it effectively, because it's transient. (And the same circuit id can be re-used by independent connections.)

Why does the Cloudflare dashboard show the circuit id to site owners? They can't effectively block a circuit id; if they try, there may be collateral damage to unrelated users; and it is an information leak.

>> That said, it's no worse than any other onion site operator using the circuit id feature, except that Cloudflare could collect and store a significant number of circuit ids.

How long does Cloudflare retain these circuit ids?

T
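The thread turns on two points: the circuit-id-bearing IPv6 address is carried as a PROXY protocol text line inside the onion-service-to-proxy stream (not in any IP header), and whether that address is stripped at the proxy or rewritten into X-Forwarded-For decides whether the origin and the path to it ever see it. The following is an added example, not code from this thread, from Tor, haproxy or Cloudflare. It parses a PROXY protocol v1 header line in the format described in haproxy's proxy-protocol.txt, then models the two forwarding behaviours teor asks about side by side. The sample stream, the ULA source address standing in for a circuit id, and the `example.onion` host are all constructed; the encoding Tor actually uses for the circuit id is not taken from the thread.

```python
"""Added example: parse a PROXY protocol v1 header and show where the per-circuit
source address ends up depending on how the proxy forwards the request.
The sample circuit address is constructed, not the real Tor/Cloudflare encoding."""
import ipaddress
import re

# One PROXY v1 line precedes the client's own bytes on the connection:
#   "PROXY <TCP4|TCP6|UNKNOWN> <src> <dst> <sport> <dport>\r\n"
_V1_RE = re.compile(rb"^PROXY (TCP4|TCP6|UNKNOWN)(?: (\S+) (\S+) (\d+) (\d+))?\r\n")
MAX_V1_LEN = 107  # longest legal v1 header line, CRLF included (per proxy-protocol.txt)


def parse_proxy_v1(stream: bytes):
    """Split a stream into (proxy_info, client_payload).

    proxy_info is None for the UNKNOWN family. A malformed header raises; a
    receiver should close the connection rather than guess at the sender.
    """
    match = _V1_RE.match(stream[:MAX_V1_LEN])
    if not match:
        raise ValueError("missing or malformed PROXY v1 header")
    family = match.group(1).decode()
    payload = stream[match.end():]
    if family == "UNKNOWN":
        return None, payload
    if match.group(2) is None:
        raise ValueError("TCP4/TCP6 header without addresses and ports")
    src = ipaddress.ip_address(match.group(2).decode())
    dst = ipaddress.ip_address(match.group(3).decode())
    sport, dport = int(match.group(4)), int(match.group(5))
    want = 4 if family == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match the addresses given")
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": family, "src": src, "dst": dst, "sport": sport, "dport": dport}, payload


def forward_request(stream: bytes, copy_source_to_xff: bool) -> bytes:
    """Build the bytes the proxy sends on to the origin.

    copy_source_to_xff=True models a proxy that rewrites the PROXY source into an
    X-Forwarded-For header (the transformation the thread asks about);
    False models a proxy that strips the header and adds nothing derived from it.
    """
    info, payload = parse_proxy_v1(stream)
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request head")
    if copy_source_to_xff and info is not None:
        head += b"\r\nX-Forwarded-For: " + str(info["src"]).encode()
    return head + sep + body


def circuit_address_reaches_origin(origin_bytes: bytes, stream: bytes) -> bool:
    """True if the PROXY source address survives into what the origin, and
    anything on the path between proxy and origin, gets to see."""
    info, _ = parse_proxy_v1(stream)
    return info is not None and str(info["src"]).encode() in origin_bytes


# Constructed sample stream: a ULA source whose low bits stand in for a circuit id,
# followed by an ordinary HTTP request head from the Tor client.
SAMPLE_STREAM = (
    b"PROXY TCP6 fd00::1234:5678 fd00::2 40123 443\r\n"
    b"GET / HTTP/1.1\r\nHost: example.onion\r\n\r\n"
)

if __name__ == "__main__":
    info, _ = parse_proxy_v1(SAMPLE_STREAM)
    print("PROXY header source address:", info["src"])
    for copy in (True, False):
        out = forward_request(SAMPLE_STREAM, copy_source_to_xff=copy)
        print("rewrite into X-Forwarded-For" if copy else "strip PROXY header         ",
              "-> origin sees circuit address:",
              circuit_address_reaches_origin(out, SAMPLE_STREAM))
```

The header is ordinary stream data, which is why encrypting the onion-service-to-proxy hop (or keeping both in one data centre) is what protects it in transit, and why what the proxy does with it afterwards is a separate question: the strip policy leaves the origin-bound request free of the per-circuit address, whereas the X-Forwarded-For rewrite carries it one hop further and, without TLS to the origin, onto whatever network sits in between.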