Hi All,

I'm just skimming Mahrud's patch at

    https://github.com/mahrud/tor/commit/a81eac6d0c0a35adc6036e736565f4a8e2f806fd

...referenced from elsewhere, and also from the blog post:


Luckily for us, the IPv6 space is so vast that we can encode the Tor circuit number as an IP address in an unused range and use the Proxy Protocol to send it to the server. Here is an example of the header that our Tor daemon would insert in the connection:

...and it makes me wonder how far back up the chain of hops towards the client the circuit ID is visible to a malicious relay. Is it mostly hidden several onion-skins down? I presume it's not trackable all the way from the client's guard?

Am thinking about the necessary scope for a correlation attack.

    -a
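
Added example, not part of the original message, the blog post or the patch: how a backend might recover the circuit number from the Proxy Protocol (v1) line described in the quoted passage. The prefix `fd00:0:0:1::/64`, the 32-bit ID width, the low-bits placement and the function names are assumptions, since the page does not show the actual header.

```python
import ipaddress

# Assumption: constructed placeholder prefix; the range really used is not on this page.
CIRCUIT_PREFIX = ipaddress.ip_network("fd00:0:0:1::/64")
MAX_V1_LINE = 107  # longest PROXY protocol v1 line, CRLF included


def encode_header(circuit_id, dst="::1", src_port=1, dst_port=80):
    """Build a PROXY v1 line whose source address carries a 32-bit circuit ID."""
    if not 0 <= circuit_id < 2**32:
        raise ValueError("circuit ID must fit in 32 bits")
    # Assumption: the ID sits in the low 32 bits of the source address.
    src = ipaddress.IPv6Address(int(CIRCUIT_PREFIX.network_address) | circuit_id)
    return f"PROXY TCP6 {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")


def decode_header(line):
    """Return the circuit ID from a PROXY v1 line, or None if it is not valid."""
    if len(line) > MAX_V1_LINE or not line.endswith(b"\r\n"):
        return None
    parts = line[:-2].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] != "TCP6":
        return None
    try:
        src = ipaddress.IPv6Address(parts[2])
        ipaddress.IPv6Address(parts[3])
        ports_ok = all(0 <= int(p) <= 65535 for p in parts[4:])
    except ValueError:
        return None
    # Only addresses inside the reserved prefix are treated as circuit IDs;
    # anything else is an ordinary (or spoofed) source address.
    if not ports_ok or src not in CIRCUIT_PREFIX:
        return None
    return int(src) & 0xFFFFFFFF


if __name__ == "__main__":
    header = encode_header(0x0001002A)  # constructed sample circuit ID
    print(header, decode_header(header))
```

The backend should accept this line only on a listener reachable solely by the local Tor daemon, because the header is unauthenticated plaintext.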
