Diffstat (limited to 'doc/design-paper')
-rw-r--r-- | doc/design-paper/challenges.tex | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/doc/design-paper/challenges.tex b/doc/design-paper/challenges.tex index 897e5cf090..621e1e3f44 100644 --- a/doc/design-paper/challenges.tex +++ b/doc/design-paper/challenges.tex @@ -423,8 +423,7 @@ financial health as well as network security. % this para should probably move to the scalability / directory system. -RD % Nope. Cut for space, except for small comment added above -PFS -\section{Crossroads: Policy issues} -\label{sec:crossroads-policy} +\section{Policy issues} Many of the issues the Tor project needs to address extend beyond system design and technology development. In particular, the @@ -802,8 +801,7 @@ time. %[XXX Mention correct DNS-RBL implementation. -NM] -\section{Crossroads: Design choices} -\label{sec:crossroads-design} +\section{Design choices} In addition to social issues, Tor also faces some design challenges that must be addressed as the network develops. 
@@ -969,15 +967,15 @@ reveal the path taken by large traffic flows under low-usage circumstances. \label{subsec:helper-nodes} It has been thought for some time that the best anonymity protection -comes from running your own node~\cite{or-pet00,tor-design}. -(In fact, in Onion Routing's first design, this was the only option -possible~\cite{or-ih96}.) While the first implementation +comes from running your own node~\cite{tor-design,or-pet00}. +(In fact, this was the only option in the earliest Onion Routing +design~\cite{or-ih96}.) While the first implementation had a fixed path length of five nodes, first generation -Onion Routing design included random length routes chosen +Onion Routing design included random length routes chosen to simultaneously maximize efficiency and unpredictability in routes. If one followed Tor's three node default path length, an enclave-to-enclave communication (in which the entry and -exit nodes were run by enclaves themselves) +exit nodes were run by enclaves themselves) would be completely compromised by the middle node. Thus for enclave-to-enclave communication, four is the fewest number of nodes that preserves the $\frac{c^2}{n^2}$ degree of protection @@ -1188,8 +1186,7 @@ trust decisions than the Tor developers. %RIAA; less so if threat is to application data or individuals or... \section{Scaling} -%\label{sec:crossroads-scaling} -%P2P + anonymity issues: +\label{sec:scaling} Tor is running today with hundreds of nodes and tens of thousands of users, but it will certainly not scale to millions. 
@@ -1486,16 +1483,16 @@ this stage if the developers stopped actively working on it. We may get an unexpected boon from the fact that we're a general-purpose overlay network: as Tor grows more popular, other groups who need an overlay network on the Internet are starting to adapt Tor to their needs. - +% Second, Tor is only one of many components that preserve privacy online. To keep identifying information out of application traffic, we must build more and better protocol-aware proxies that are usable by ordinary people. - +% Third, we need to gain a reputation for social good, and learn how to coexist with the variety of Internet services and their established authentication mechanisms. We can't just keep escalating the blacklist standoff forever. - +% Fourth, as described in Section~\ref{sec:scaling}, the current Tor architecture does not scale even to handle current user demand. We must find designs and incentives to let clients relay traffic too, without |
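Review bot: In the hunk at @@ -423, `\label{sec:crossroads-policy}` is deleted together with the section rename, so any `\ref{sec:crossroads-policy}` left elsewhere in the paper will become an undefined reference and print as "??". Before merging, grep the design-paper sources for that key and confirm the build log shows no new undefined-reference warnings.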
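Review bot: In the hunk at @@ -802, `\section{Design choices}` ends up with no label at all, while the hunk at @@ -1188 gives `\section{Scaling}` a fresh `\label{sec:scaling}`. Renaming the old key to something like `\label{sec:design}` instead of dropping it would keep the labelling scheme consistent and leave the section referenceable later.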
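Review bot: In the hunk at @@ -969, the removed and added lines for "Onion Routing design included random length routes chosen" and "exit nodes were run by enclaves themselves)" appear to differ only in whitespace, which hides the one real wording change ("this was the only option in the earliest Onion Routing design") among cosmetic ones. Consider splitting the whitespace cleanup into its own commit, and say in the commit message why the keys in `\cite{tor-design,or-pet00}` were reordered.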
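Review bot: In the hunk at @@ -1486, replacing each blank line with a lone `%` removes the paragraph breaks, so the "Second", "Third" and "Fourth" points will now be typeset as one paragraph running on from the preceding text. If that is a deliberate space saving, note it in a source comment as was done for the earlier "Cut for space" remark; if not, restore the blank lines.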