tordev123@Safe-mail.net wrote:
Doesn't your proposal imply that you are turning all relays into exit-nodes lite? The last relay in the path will know what service you are connecting to (at least if that service is hosted with a unique relay), right?
A single onion service operates its own server(s). These servers accept OR connections like a relay does, but they aren’t required to be in the consensus or to relay traffic. They are the servers listed in the descriptor.
A client connects by extending a circuit to the single onion server. This is not the same as an exit connection: tor relays will extend circuits to relays they don't know about, as long as the destination speaks the tor protocol. It’s possible for any tor relay to be used as the last one before the single onion server.
If the single onion server isn’t also a tor relay, it’s possible for the previous relay to guess the service you’re connecting to. This isn’t a risk to client anonymity, because tor clients will always choose the first three hops in a circuit before extending to one they didn’t choose. The final circuit looks like:
Client -> Guard -> Middle -> Middle -> Single Onion
The client’s traffic is encrypted through to the single onion server as well.
Have you considered all the implications?
Maybe we’ve missed some - what implications are you thinking of, that aren’t addressed in the proposal?
Note that all tor relays are already willing to extend circuits to an arbitrary IP:port - that is not a new behavior, and it’s not thought to be dangerous.
- special