one less onion skin
James Muir
jamuir at scs.carleton.ca
Wed Mar 7 06:07:06 UTC 2007
Steve Southam wrote:
> I'm not sure if this really happens, but if you have a connection open
> to an OR and a new circuit is required through it,
> couldn't ORn-1 send a CREATE_FAST to ORn?
I suppose that could happen, since the OP controls what commands are
sent down the circuit to OR_{n-1}. However, I don't think it would be a
good idea. If OR_{n-1} sent a CREATE_FAST message to OR_n then OR_{n-1}
would learn the value of the AES key that OR_n shares with the OP.
The only legitimate situation in which a CREATE_FAST should be used is
to do key agreement with OR_1.
-James
More information about the tor-talk
mailing list