aboutsummaryrefslogtreecommitdiff
path: root/doc/tor-design.tex
diff options
context:
space:
mode:
Diffstat (limited to 'doc/tor-design.tex')
-rw-r--r--doc/tor-design.tex16
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/tor-design.tex b/doc/tor-design.tex
index 138730d4b..34fc9fea4 100644
--- a/doc/tor-design.tex
+++ b/doc/tor-design.tex
@@ -160,11 +160,11 @@ or flooding and send less data until the congestion subsides.
\textbf{Directory servers:} The earlier Onion Routing design
planned to flood link-state information through the network---an approach
-that can be unreliable and open to partitioning attacks or
-deception. Tor takes a simplified view toward distributing link-state
+that can be unreliable and open to partitioning attacks.
+Tor takes a simplified view toward distributing such
information. Certain more trusted nodes act as \emph{directory
servers}: they provide signed directories that describe known
-routers and their availability. Users periodically download these
+routers and their availability. Users periodically download the
directories via HTTP.
\textbf{Variable exit policies:} Tor provides a consistent mechanism
@@ -388,8 +388,8 @@ multiple communications to or from a single user. Within this
main goal, however, several considerations have directed
Tor's evolution.
-\textbf{Deployability:} The design must be implemented,
-deployed, and used in the real world. Thus it
+\textbf{Deployability:} The design must be deployed and used in the
+real world. Thus it
must not be expensive to run (for example, by requiring more bandwidth
than volunteers are willing to provide); must not place a heavy
liability burden on operators (for example, by allowing attackers to
@@ -491,9 +491,9 @@ which points in the network he should attack.
Our adversary might try to link an initiator Alice with her
communication partners, or try to build a profile of Alice's
behavior. He might mount passive attacks by observing the network edges
-and correlating traffic entering and leaving the network---either
-by relationships in packet timing; relationships in volume;
-or relationships in externally visible user-selected
+and correlating traffic entering and leaving the network---by
+relationships in packet timing, volume, or externally visible
+user-selected
options. The adversary can also mount active attacks by compromising
routers or keys; by replaying traffic; by selectively denying service
to trustworthy routers to move users to