diff options
| author | Nick Mathewson <nickm@torproject.org> | 2023-10-14 17:18:16 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2023-10-14 17:18:16 -0400 |
| commit | 334ddfe3d057ea71055e7416187b2d3f41313bef (patch) | |
| tree | 74419d88a74b3dc879626af17288b155c8ffd9c2 /spec/guard-spec | |
| parent | 3c829ac5b86c02ec025c5970b4a1045937da2189 (diff) | |
| download | torspec-334ddfe3d057ea71055e7416187b2d3f41313bef.tar.gz torspec-334ddfe3d057ea71055e7416187b2d3f41313bef.zip | |
Remove more TOCs and merge in introductions.
Diffstat (limited to 'spec/guard-spec')
| -rw-r--r-- | spec/guard-spec/introduction-motivation.md | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/spec/guard-spec/introduction-motivation.md b/spec/guard-spec/introduction-motivation.md deleted file mode 100644 index 628cf1a..0000000 --- a/spec/guard-spec/introduction-motivation.md +++ /dev/null @@ -1,45 +0,0 @@ -<a id="guard-spec.txt-1"></a> - -# Introduction and motivation - -Tor uses entry guards to prevent an attacker who controls some -fraction of the network from observing a fraction of every user's -traffic. If users chose their entries and exits uniformly at -random from the list of servers every time they build a circuit, -then an adversary who had (k/N) of the network would deanonymize -F=(k/N)^2 of all circuits... and after a given user had built C -circuits, the attacker would see them at least once with -probability 1-(1-F)^C. With large C, the attacker would get a -sample of every user's traffic with probability 1. - -To prevent this from happening, Tor clients choose a small number -of guard nodes (e.g. 3). These guard nodes are the only -nodes that the client will connect to directly. If they are not -compromised, the user's paths are not compromised. - -This specification outlines Tor's guard housekeeping algorithm, -which tries to meet the following goals: - -```text - - Heuristics and algorithms for determining how and which guards - are chosen should be kept as simple and easy to understand as - possible. - - - Clients in censored regions or who are behind a fascist - firewall who connect to the Tor network should not experience - any significant disadvantage in terms of reachability or - usability. - - - Tor should make a best attempt at discovering the most - appropriate behavior, with as little user input and - configuration as possible. - - - Tor clients should discover usable guards without too much - delay. - - - Tor clients should resist (to the extent possible) attacks - that try to force them onto compromised guards. - - - Should maintain the load-balancing offered by the path selection - algorithm -``` |