diff options
Diffstat (limited to 'spec/padding-spec/circuit-level-padding.md')
-rw-r--r-- | spec/padding-spec/circuit-level-padding.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/spec/padding-spec/circuit-level-padding.md b/spec/padding-spec/circuit-level-padding.md index a220507..33ecfc3 100644 --- a/spec/padding-spec/circuit-level-padding.md +++ b/spec/padding-spec/circuit-level-padding.md @@ -23,7 +23,7 @@ future padding defenses, see the research developer documentation\[17\]. <a id="padding-spec.txt-3.1"></a> -## Circuit Padding Negotiation +## Circuit Padding Negotiation {#negotiation} Circuit padding machines are advertised as "Padding" subprotocol versions (see tor-spec.txt Section 9). The onion service circuit padding machines are @@ -96,7 +96,7 @@ on the circuit, the command is ignored. <a id="padding-spec.txt-3.2"></a> -## Circuit Padding Machine Message Management +## Circuit Padding Machine Message Management { #machine-msg-mgt } Clients MAY send padding cells towards the relay before receiving the circpad_negotiated response, to allow for outbound cover traffic before @@ -112,7 +112,7 @@ immediately tear down such circuits to avoid side channel risk. <a id="padding-spec.txt-3.3"></a> -## Obfuscating client-side onion service circuit setup +## Obfuscating client-side onion service circuit setup { #hiding-circ-setup } The circuit padding currently deployed in Tor attempts to hide client-side onion service circuit setup. Service-side setup is not covered, because doing @@ -129,7 +129,7 @@ Note that inter-arrival timing is not obfuscated by this defense. <a id="padding-spec.txt-3.3.1"></a> -### Common general circuit construction sequences +### Common general circuit construction sequences { #circ-setup-sequences} Most general Tor circuits used to surf the web or download directory information start with the following 6-cell relay cell sequence (cells @@ -156,7 +156,7 @@ network/guard-level adversary. <a id="padding-spec.txt-3.3.2"></a> -### Client-side onion service introduction circuit obfuscation +### Client-side onion service introduction circuit obfuscation { #hiding-intro } Two circuit padding machines work to hide client-side introduction circuits: one machine at the origin, and one machine at the second hop of the circuit. @@ -199,7 +199,7 @@ minutes). <a id="padding-spec.txt-3.3.3"></a> -### Client-side rendezvous circuit hiding +### Client-side rendezvous circuit hiding { #hiding-rendezvous } Following a similar argument as for intro circuits, we are aiming for padded rendezvous circuits to blend in with the initial cell sequence of general @@ -240,7 +240,7 @@ will look alike. <a id="padding-spec.txt-3.3.4"></a> -### Circuit setup machine overhead +### Circuit setup machine overhead { #setup-overhead } For the intro circuit case, we see that the origin-side machine just sends a single \[PADDING_NEGOTIATE\] cell, whereas the origin-side machine sends a @@ -252,7 +252,7 @@ padding cells, for a total of 4 padding cells. <a id="padding-spec.txt-3.4"></a> -## Circuit padding consensus parameters +## Circuit padding consensus parameters { #consenus-parameters } The circuit padding system has a handful of consensus parameters that can either disable circuit padding entirely, or rate limit the total overhead |