Hi Mahrud, > On 23 Sep 2018, at 12:10, Mahrud S <[email protected]> wrote: > > In short, yes. I think everything mentioned above is correct, and I'm not > sure what else to add.
I'm still not quite clear on some of the details: > On Sat, Sep 22, 2018 at 9:09 PM teor <[email protected]> wrote: > >> On 23 Sep 2018, at 04:50, Alec Muffett <[email protected]> wrote: >> >> That latter seems not very much worse than the information which a >> compromised exit node would be able to obtain ("Browsing Normal Web over >> Tor") although it would be a lot more available when the circID is presented >> to the any backbone observer who can sniff IPv6? > > This IPv6 address isn't in the IP header of the packets between Cloudflare's > onion service and Cloudflare's proxy. > > It's sent inside the TCP (or TLS?) connection between the Tor onion service > and the proxy instance, as a text header before any other inner TCP or TLS: > https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt > > If Cloudflare encrypts their onion service to proxy connections (and they > should), the circuit id will only be known to the onion service and its guard > (or rendezvous point, for a single-hop onion service connection). Is the connections between Cloudflare's Tor onion service and Cloudflare's proxy instance encrypted? > Alternately, if Cloudflare hosts its onions in the same data centre as the > proxies > they talk to, then the risk of interception is low. Does Cloudflare host its onion services in the same data centre as the proxies they talk to? > Then, if the proxy strips out this header before sending the request to the > origin > site, or connects to the origin site using TLS, then this IP address > shouldn't be > visible on the backbone. Does the Cloudflare proxy strip out the PROXY header? Or does it get transformed into X-Forwarded-For? (Or something similar?) > Also note: the CloudFlare dashboard shows the circuit id to site owners: > https://blog.cloudflare.com/cloudflare-onion-service/ > > I can't see how having the actual circuit id is useful to site owners. > They can't block it effectively, because it's transient. > (And the same circuit id can be re-used by independent connections.) Why does the Cloudflare dashboard show the circuit id to site owners? They can't effectively block a circuit id; if they try, there may be collateral damage to unrelated users; and it is an information leak. That said, it's no worse than any other onion site operator using the circuit id feature, except that Cloudflare could collect and store a significant number of circuit ids. How long does Cloudflare retain these circuit ids? T
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-onions mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
