Hi, I've recently had a look at the old relay early confirmation attack [1], but can't remember what the exact flow of the attack is - i.e. which nodes the attacker needs to control to deanonymize a) client b) hidden service location.
For client, is client's guard and HSDir node enough? I.e. HSDir encodes the service name in relay/relay early cells and guard picks up the pattern? Similarly, for hidden service is control of the service's guard and HSDir node enough? Ondrej [1] https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
