Merge remote-tracking branch 'mikeperry/bug25870_rebase'

1 files changed, 16 insertions, 0 deletions

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 3552dc5014..f42ad0dd3c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1592,6 +1592,14 @@ The following options are useful only for clients (that is, if
     which means that nodes specified in ExcludeNodes will not be
     picked.
  +
+    When either this option or HSLayer3Nodes are set, the /16 subnet
+    and node family restrictions are removed for hidden service
+    circuits. Additionally, we allow the guard node to be present
+    as the Rend, HSDir, and IP node, and as the hop before it. This
+    is done to prevent the adversary from inferring information
+    about our guard, layer2, and layer3 node choices at later points
+    in the path.
+ +
     This option is meant to be managed by a Tor controller such as
     https://github.com/mikeperry-tor/vanguards that selects and
     updates this set of nodes for you. Hence it does not do load
@@ -1637,6 +1645,14 @@ The following options are useful only for clients (that is, if
     ExcludeNodes have higher priority than HSLayer3Nodes,
     which means that nodes specified in ExcludeNodes will not be
     picked.
+ +
+    When either this option or HSLayer2Nodes are set, the /16 subnet
+    and node family restrictions are removed for hidden service
+    circuits. Additionally, we allow the guard node to be present
+    as the Rend, HSDir, and IP node, and as the hop before it. This
+    is done to prevent the adversary from inferring information
+    about our guard, layer2, and layer3 node choices at later points
+    in the path.
   +
     This option is meant to be managed by a Tor controller such as
     https://github.com/mikeperry-tor/vanguards that selects and