On Tue, May 13, 2008 at 8:55 AM, Roger Dingledine <arma at mit.edu> wrote: > ... > Finally, while we don't know of any attacks that will reveal the > location of a weak-key hidden service, an attacker could derive its > secret key and then pretend to be the hidden service. MITM'ing an .onion; now that's quite a trick...