aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2003-11-04 06:03:29 +0000
committerNick Mathewson <nickm@torproject.org>2003-11-04 06:03:29 +0000
commit44ff60dbaac4a35bea203b7c252ad27ddc20e3fc (patch)
treedd63393dcebf401545339038986e1b7287f222fa
parent7b19ba8aa1f3fcf8b9ee5590eab60be17eecc9a4 (diff)
downloadtor-44ff60dbaac4a35bea203b7c252ad27ddc20e3fc.tar
tor-44ff60dbaac4a35bea203b7c252ad27ddc20e3fc.tar.gz
Edits to most recent edits from arma.
svn:r746
-rw-r--r--doc/tor-design.tex14
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/tor-design.tex b/doc/tor-design.tex
index cff2e177f..0f20d54e5 100644
--- a/doc/tor-design.tex
+++ b/doc/tor-design.tex
@@ -770,8 +770,8 @@ none is available), chooses a suitable OR on that circuit to be the
exit node (usually the last node, but maybe others due to exit policy
conflicts; see Section~\ref{subsec:exitpolicies}), chooses a new
random streamID for the stream, and sends a \emph{relay begin} cell
-to that exit node. The OP uses a streamID of zero for the begin cell
-(so the OR will recognize it), and uses that streamID, destination
+to that exit node. The OP uses a streamID of zero for this cell
+(so the OR will recognize it), and uses the new streamID, destination
address, and port as the contents of the cell's relay payload. Once the
exit node completes the connection to the remote host, it responds
with a \emph{relay connected} cell. Upon receipt, the OP sends a
@@ -809,7 +809,7 @@ all relay cells use layered encryption, only the destination OR knows
that a given relay cell is a request to close a stream. This two-step
handshake allows for TCP-based applications that use half-closed
connections, such as broken HTTP clients that close their side of the
-stream after writing, but are still willing to read.
+stream after writing but are still willing to read.
\SubSection{Integrity checking on streams}
@@ -835,12 +835,12 @@ more complex.
We could do integrity checking of the relay cells at each hop, either
by including hashes or by using an authenticating cipher mode like
EAX \cite{eax}, but there are some problems. First, these approaches
-impose a message-expansion overhead at each hop, and we would have to
+impose a message-expansion overhead at each hop, and so we would have to
either leak the path length or waste bytes by padding to a maximum
path length. Second, these solutions can only verify traffic coming
from Alice: ORs would not be able to include suitable hashes for
the intermediate hops, since the ORs on a circuit do not know the
-other session keys. Third, we have already accepted that our design
+other ORs' session keys. Third, we have already accepted that our design
is vulnerable to end-to-end timing attacks; tagging attacks performed
within the circuit provide no additional information to the attacker.
@@ -949,8 +949,8 @@ to deliver to TCP streams outside the network. Each window is initialized
(say, to 1000 data cells). When a data cell is packaged or delivered,
the appropriate window is decremented. When an OR has received enough
data cells (currently 100), it sends a \emph{relay sendme} cell towards the OP,
-with streamID zero. When an OR receives a \emph{relay sendme} cell with stream
-ID zero, it increments its packaging window. Either of these cells
+with streamID zero. When an OR receives a \emph{relay sendme} cell with
+streamID zero, it increments its packaging window. Either of these cells
increments the corresponding window by 100. If the packaging window
reaches 0, the OR stops reading from TCP connections for all streams
on the corresponding circuit, and sends no more relay data cells until