Quote from: astor on June 12, 2013, 09:07 pm

Quote from: SelfSovereignty on June 12, 2013, 07:42 am

but whatever, skipping that: how can this be possible at all, since even assuming they get to the point of impersonating the HSDirs in question due to the properties of the distributed hash table... they still won't have the private key for those servers that the 6 (is it 6?) authoritative directories will be checking for, and so will be ignored anyway?

I'm not sure what you're asking here.

Frankly, neither am I anymore... I think I had assumed that there was an additional check in place involving an identity key.

Quote

Quote from: SelfSovereignty on June 12, 2013, 07:42 am

Quote from: Section VI A

In order to confirm that an attacker controls a guard node of a hidden service she needs to control at least one more Tor non-exit relay. In the attack, the hidden service is forced to establish rendezvous circuits to the rendezvous point controlled by the attacker.... If all the conditions are satisfied, the attacker decides that her guard node was chosen for the hidden service's rendezvous circuit and marks the previous node in the circuit as the origin of the hidden service.

I skipped over some stuff because I'm tired, but I don't understand how this is possible, unless you're running Tor over Tor...? How can a guard ever be chosen as an introduction point for a hidden service -- the guard knows what hidden service it's a guard for, why in God's name would it blindly say "sure, I'll be the rendezvous point for my pal there!" ???

The guard node isn't the intro point. The guard and rendezvous nodes are controlled by the attacker.

Yeah, I... yeah. I shouldn't try making technical posts to things I've only read on day 2 or 3 awake; what can I say, it's a hard lesson to remember :P