aboutsummaryrefslogtreecommitdiff
path: root/doc/design-paper
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2005-02-08 22:26:24 +0000
committerRoger Dingledine <arma@torproject.org>2005-02-08 22:26:24 +0000
commitec981d4cdb881f5dc7709cef932f51adee365a87 (patch)
treef1a0beb5375eb8fb779e2bdff89a19fb199938d0 /doc/design-paper
parentbcb084d3ba6f7e1f17d6512ea892001da80132ed (diff)
downloadtor-ec981d4cdb881f5dc7709cef932f51adee365a87.tar
tor-ec981d4cdb881f5dc7709cef932f51adee365a87.tar.gz
ispell
svn:r3589
Diffstat (limited to 'doc/design-paper')
-rw-r--r--doc/design-paper/challenges.tex28
1 files changed, 14 insertions, 14 deletions
diff --git a/doc/design-paper/challenges.tex b/doc/design-paper/challenges.tex
index e29765abe..0b216fc09 100644
--- a/doc/design-paper/challenges.tex
+++ b/doc/design-paper/challenges.tex
@@ -60,10 +60,10 @@ perfect forward secrecy, congestion control, directory servers, data
integrity, configurable exit policies, and location-hidden services using
rendezvous points. Tor works on the real-world Internet, requires no special
privileges or kernel modifications, requires little synchronization or
-coordination between nodes, and provides a reasonable tradeoff between
+coordination between nodes, and provides a reasonable trade-off between
anonymity, usability, and efficiency.
-We first deployed a public Tor network in October 2003; since then it has
+We deployed the public Tor network in October 2003; since then it has
grown to over a hundred volunteer-operated nodes
and as much as 80 megabits of
average traffic per second. Tor's research strategy has focused on deploying
@@ -159,7 +159,7 @@ IP packets; it only anonymizes TCP streams and DNS requests
%connections via SOCKS
(but see Section~\ref{subsec:tcp-vs-ip}).
-Most node operators do not want to allow arbitary TCP traffic.% to leave
+Most node operators do not want to allow arbitrary TCP traffic. % to leave
%their server.
To address this, Tor provides \emph{exit policies} so
each exit node can block the IP addresses and ports it is unwilling to allow.
@@ -176,7 +176,7 @@ to join.
Tor research and development has been funded by ONR and DARPA
for use in securing government
-communications, and by the Electronic Frontier Foundation, for use
+communications, and by the Electronic Frontier Foundation for use
in maintaining civil liberties for ordinary citizens online. The Tor
protocol is one of the leading choices
for anonymizing layer in the European Union's PRIME directive to
@@ -201,7 +201,7 @@ anonymity.\footnote{This is not the only possible
direction in anonymity research: designs exist that provide more anonymity
than Tor at the expense of significantly increased resource requirements, or
decreased flexibility in application support (typically because of increased
-latency). Such research does not typically abandon aspirations towards
+latency). Such research does not typically abandon aspirations toward
deployability or utility, but instead tries to maximize deployability and
utility subject to a certain degree of structural anonymity (structural because
usability and practicality affect usage which affects the actual anonymity
@@ -260,7 +260,7 @@ adversaries and our dispersal goals.
% foolish. -NM
More powerful attacks may exist. In \cite{hintz-pet02} it was
shown that an attacker who can catalog data volumes of popular
-responder destinations (say, websites with consistant data volumes) may not
+responder destinations (say, websites with consistent data volumes) may not
need to
observe both ends of a stream to learn source-destination links for those
responders.
@@ -279,7 +279,7 @@ cataloged~\cite{back01} to connect endpoints.
% Hintz stuff and the Back et al. stuff from Info Hiding 01. I've
% separated the two and added the references. -PFS
It has not yet been shown whether these attacks will succeed or fail
-in the presence of the varaibility and volume quantization introduced by the
+in the presence of the variability and volume quantization introduced by the
Tor network, but it seems likely that these factors will at best delay
rather than halt the attacks in the cases where they succeed.
%likely to entail high variability and massive storage since
@@ -397,9 +397,9 @@ more scalable peer-to-peer designs like Tarzan~\cite{tarzan:ccs02} and
MorphMix~\cite{morphmix:fc04} have been proposed in the literature, but
have not yet been fielded. These systems differ somewhat
in threat model and presumably practical resistance to threats.
-Morphmix is close to Tor in circuit setup, and, by separating
+MorphMix is close to Tor in circuit setup, and, by separating
node discovery from route selection from circuit setup, Tor is
-flexible enough to potentially contain a Morphmix experiment within
+flexible enough to potentially contain a MorphMix experiment within
it. We direct the interested reader
to~\cite{tor-design} for a more in-depth review of related work.
@@ -412,7 +412,7 @@ browsing. Commercial single-hop
proxies~\cite{anonymizer} present a single point of failure, where
a single compromise can expose all users' traffic, and a single-point
eavesdropper can perform traffic analysis on the entire network.
-Also, their proprietary implementations place any infrastucture that
+Also, their proprietary implementations place any infrastructure that
depends on these single-hop solutions at the mercy of their providers'
financial health as well as network security.
@@ -526,12 +526,12 @@ So the more cancer survivors on Tor, the better for the human rights
activists. The more malicious hackers, the worse for the normal users. Thus,
reputability is an anonymity issue for two reasons. First, it impacts
the sustainability of the network: a network that's always about to be
-shut down has difficulty attracting and keeping adquate nodes.
+shut down has difficulty attracting and keeping adequate nodes.
Second, a disreputable network is more vulnerable to legal and
political attacks, since it will attract fewer supporters.
While people therefore have an incentive for the network to be used for
-``more reputable'' activities than their own, there are still tradeoffs
+``more reputable'' activities than their own, there are still trade-offs
involved when it comes to anonymity. To follow the above example, a
network used entirely by cancer survivors might welcome file sharers
onto the network, though of course they'd prefer a wider
@@ -805,7 +805,7 @@ time.
\section{Design choices}
-In addition to social issues, Tor also faces some design tradeoffs that must
+In addition to social issues, Tor also faces some design trade-offs that must
be investigated as the network develops.
\subsection{Transporting the stream vs transporting the packets}
@@ -931,7 +931,7 @@ It has long been thought that the best anonymity comes from running your
own node~\cite{tor-design,or-ih96,or-pet00}. This is called using Tor in an
\emph{enclave} configuration. By running Tor clients only on Tor nodes
at the enclave perimeter, enclave configuration can also permit anonymity
-protection even when policy or other requiremnts prevent individual machines
+protection even when policy or other requirements prevent individual machines
within the enclave from running Tor clients~\cite{or-jsac98,or-discex00}.
Of course, Tor's default path length of