diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-11-05 01:46:32 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-11-05 01:46:32 +0000 |
| commit | 6c68317577eec83a8fed9a0abf4e15a7399585f7 (patch) | |
| tree | 888e909321decba5ff6c6b24c9a40d5d67166e5b | |
| parent | 868b3c9724c59ae0e5719a81b56b4f02419f3f9a (diff) | |
| download | tor-6c68317577eec83a8fed9a0abf4e15a7399585f7.tar tor-6c68317577eec83a8fed9a0abf4e15a7399585f7.tar.gz | |
compress sec1-3, we're at 15pg with standard latex8.sty now
svn:r765
| -rw-r--r-- | doc/tor-design.tex | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/tor-design.tex b/doc/tor-design.tex index 138730d4b..34fc9fea4 100644 --- a/doc/tor-design.tex +++ b/doc/tor-design.tex @@ -160,11 +160,11 @@ or flooding and send less data until the congestion subsides. \textbf{Directory servers:} The earlier Onion Routing design planned to flood link-state information through the network---an approach -that can be unreliable and open to partitioning attacks or -deception. Tor takes a simplified view toward distributing link-state +that can be unreliable and open to partitioning attacks. +Tor takes a simplified view toward distributing such information. Certain more trusted nodes act as \emph{directory servers}: they provide signed directories that describe known -routers and their availability. Users periodically download these +routers and their availability. Users periodically download the directories via HTTP. \textbf{Variable exit policies:} Tor provides a consistent mechanism @@ -388,8 +388,8 @@ multiple communications to or from a single user. Within this main goal, however, several considerations have directed Tor's evolution. -\textbf{Deployability:} The design must be implemented, -deployed, and used in the real world. Thus it +\textbf{Deployability:} The design must be deployed and used in the +real world. Thus it must not be expensive to run (for example, by requiring more bandwidth than volunteers are willing to provide); must not place a heavy liability burden on operators (for example, by allowing attackers to @@ -491,9 +491,9 @@ which points in the network he should attack. Our adversary might try to link an initiator Alice with her communication partners, or try to build a profile of Alice's behavior. He might mount passive attacks by observing the network edges -and correlating traffic entering and leaving the network---either -by relationships in packet timing; relationships in volume; -or relationships in externally visible user-selected +and correlating traffic entering and leaving the network---by +relationships in packet timing, volume, or externally visible +user-selected options. The adversary can also mount active attacks by compromising routers or keys; by replaying traffic; by selectively denying service to trustworthy routers to move users to |