diff options
Diffstat (limited to 'doc/tor-design.tex')
-rw-r--r-- | doc/tor-design.tex | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/tor-design.tex b/doc/tor-design.tex index 138730d4b..34fc9fea4 100644 --- a/doc/tor-design.tex +++ b/doc/tor-design.tex @@ -160,11 +160,11 @@ or flooding and send less data until the congestion subsides. \textbf{Directory servers:} The earlier Onion Routing design planned to flood link-state information through the network---an approach -that can be unreliable and open to partitioning attacks or -deception. Tor takes a simplified view toward distributing link-state +that can be unreliable and open to partitioning attacks. +Tor takes a simplified view toward distributing such information. Certain more trusted nodes act as \emph{directory servers}: they provide signed directories that describe known -routers and their availability. Users periodically download these +routers and their availability. Users periodically download the directories via HTTP. \textbf{Variable exit policies:} Tor provides a consistent mechanism @@ -388,8 +388,8 @@ multiple communications to or from a single user. Within this main goal, however, several considerations have directed Tor's evolution. -\textbf{Deployability:} The design must be implemented, -deployed, and used in the real world. Thus it +\textbf{Deployability:} The design must be deployed and used in the +real world. Thus it must not be expensive to run (for example, by requiring more bandwidth than volunteers are willing to provide); must not place a heavy liability burden on operators (for example, by allowing attackers to @@ -491,9 +491,9 @@ which points in the network he should attack. Our adversary might try to link an initiator Alice with her communication partners, or try to build a profile of Alice's behavior. He might mount passive attacks by observing the network edges -and correlating traffic entering and leaving the network---either -by relationships in packet timing; relationships in volume; -or relationships in externally visible user-selected +and correlating traffic entering and leaving the network---by +relationships in packet timing, volume, or externally visible +user-selected options. The adversary can also mount active attacks by compromising routers or keys; by replaying traffic; by selectively denying service to trustworthy routers to move users to |