[tor-dev] Proposal: Single onion services

John Brooks john.brooks at dereferenced.net
Fri Sep 4 21:31:15 UTC 2015


tordev123 at Safe-mail.net wrote:

> Doesn't your proposal imply that you are turning all relays into
> exit-nodes lite? The last relay in the path will know what service you are
> connecting to (at least if that service is hosted with a unique relay),
> right?

A single onion service operates its own server(s). These servers accept OR
connections like a relay does, but they aren’t required to be in the
consensus or to relay traffic. They are the servers listed in the
descriptor.

A client connects by extending a circuit to the single onion server. This is
not the same as an exit connection: tor relays will extend circuits to
relays they don't know about, as long as the destination speaks the tor
protocol. It’s possible for any tor relay to be used as the last one before
the single onion server.

If the single onion server isn’t also a tor relay, it’s possible for the
previous relay to guess the service you’re connecting to. This isn’t a risk
to client anonymity, because tor clients will always choose the first three
hops in a circuit before extending to one they didn’t choose. The final
circuit looks like:

Client -> Guard -> Middle -> Middle -> Single Onion

The client’s traffic is encrypted through to the single onion server as
well.

> 
> Have you considered all the implications?

Maybe we’ve missed some - what implications are you thinking of, that aren’t
addressed in the proposal?

Note that all tor relays are already willing to extend circuits to an
arbitrary IP:port - that is not a new behavior, and it’s not thought to be
dangerous.

- special
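To make the anonymity argument in the reply above concrete, here is a small Python model of the circuit it describes (Client -> Guard -> Middle -> Middle -> Single Onion). This is an added illustration, not code from the post or from tor; the `Node` type, the `in_consensus` and `speaks_tor` flags, and the helper names are all constructed for the example. It encodes three of the reply's points: the client picks exactly three consensus relays before extending to a server it did not choose; a relay will extend to any destination that speaks the tor protocol whether or not it is in the consensus; and each hop sees only its neighbours, so the last relay may learn the service but no hop sees both the client and the service.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of a single onion circuit; not tor's own data structures.


@dataclass(frozen=True)
class Node:
    name: str
    speaks_tor: bool = True      # accepts OR connections (relay or single onion server)
    in_consensus: bool = False   # listed as a relay in the consensus


def extend_allowed(dest: Node) -> bool:
    """A relay extends to any destination that speaks the tor protocol.

    Being in the consensus is not required, which is the existing behaviour
    the reply points out: relays already extend to arbitrary IP:port."""
    return dest.speaks_tor


def build_single_onion_circuit(client: Node, chosen: List[Node], service: Node) -> List[Node]:
    """Client chooses three consensus relays, then extends to the single onion server."""
    if len(chosen) != 3:
        raise ValueError("client must choose three hops before extending to an unchosen one")
    if not all(relay.in_consensus for relay in chosen):
        raise ValueError("client-chosen hops are taken from the consensus")
    if not extend_allowed(service):
        raise ValueError("last relay cannot extend to a destination that does not speak tor")
    return [client, *chosen, service]


def neighbours(circuit: List[Node], name: str) -> Tuple[Optional[str], Optional[str]]:
    """What a node observes at the link layer: only its previous and next hop."""
    names = [node.name for node in circuit]
    i = names.index(name)
    prev = names[i - 1] if i > 0 else None
    nxt = names[i + 1] if i < len(names) - 1 else None
    return prev, nxt


def nodes_linking_endpoints(circuit: List[Node]) -> List[str]:
    """Intermediate hops that see both the client and the service directly.

    For a well-formed single onion circuit this is empty: the guard sees the
    client, the last middle sees the service, nobody sees both."""
    client, service = circuit[0].name, circuit[-1].name
    linking = []
    for node in circuit[1:-1]:
        prev, nxt = neighbours(circuit, node.name)
        if {prev, nxt} >= {client, service}:
            linking.append(node.name)
    return linking


def can_guess_service(circuit: List[Node], name: str) -> bool:
    """True if this hop's next hop is the single onion server and that server is
    not also a consensus relay, so the address alone identifies the service."""
    _, nxt = neighbours(circuit, name)
    server = circuit[-1]
    return nxt == server.name and not server.in_consensus


if __name__ == "__main__":
    relays = [Node("guard", in_consensus=True),
              Node("middle1", in_consensus=True),
              Node("middle2", in_consensus=True)]
    circuit = build_single_onion_circuit(Node("client"), relays, Node("onion"))
    for node in circuit:
        print(f"{node.name:8s} sees {neighbours(circuit, node.name)}"
              f"  guesses service: {can_guess_service(circuit, node.name)}")
    print("hops linking client and service:", nodes_linking_endpoints(circuit))
```

Running it shows that only `middle2` can guess the service, while its only other neighbour is `middle1`, so the client remains behind the three hops it chose itself.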
