                                Glossary

                            The Tor Project

Note: This document aims to specify terms, notations or phrases related
to Tor and The Tor Project. This glossary is not a design document; it is
only a reference.

0. Preliminaries

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in RFC 2119.

1.0 Commonly used Tor configuration terms

    ORPort - Onion Router Port

    DirPort - Directory Port

2.0 Tor network components

2.1 Relay, aka OR (onion router)

  2.1.1 Specific roles

    Exit relay: The final hop in an exit circuit before traffic leaves
    the Tor network to connect to external servers.

    Non-exit relay: Relays which send and receive traffic only to
    other Tor relays.

    Entry relay: The first hop in a Tor circuit. Can be either a guard
    relay or a bridge, with bridges taking precedence.

    Guard relay: Guard relays are currently used only as entry relays.
    They are rotated more slowly to prevent enumeration attacks.

    Bridge: A relay intentionally not listed in the public Tor
    consensus, with the purpose of circumventing entities (such as
    governments or ISPs) seeking to block clients from using Tor.
    Currently, bridges are used only as entry relays.

    Directory cache: On bootstrap, clients will query a directory
    authority for the latest consensus. However, later consensus
    fetches can be made to directory caches, which can be any relay in
    the network.

    Rendezvous point: A relay connecting a client to a hidden service.
    Each party will build a three-hop circuit, meeting at the
    rendezvous point.

2.2 Client, aka OP (onion proxy)

2.3 Authorities:

    Directory Authority: Nine total in the Tor network, operated by
    trusted individuals. Directory authorities define and serve the
    consensus document, i.e., the "state of the network," which
    contains router statuses for all relays currently in the network.
    Directory authorities also serve server descriptors, extra info
    documents, microdescriptors, and the microdescriptor consensus.

    Bridge Authority: One total. Similar in responsibility to directory
    authorities, but for bridges.

    Fallback Directory Mirror: On bootstrap, a client will first
    attempt to fetch the consensus document from fallback directory
    mirrors, relays selected for this role due to their stability and
    longevity on the network.

2.4 Hidden Service:

    A hidden service is a server that will only accept incoming
    connections via the hidden service protocol. Connection initiators
    will not be able to learn the IP address of the hidden service,
    allowing the hidden service to receive incoming connections, serve
    content, etc., while preserving its location anonymity.

2.5 Circuit:

    An established path through the network, where cryptographic keys
    are negotiated with each hop using the ntor protocol or TAP (Tor
    Authentication Protocol, deprecated). Circuits can differ in length
    depending on their purpose. See also Leaky Pipe Topology.

    Origin Circuit -

    Exit Circuit: A circuit which connects clients to destinations
    outside the Tor network. For example, if a client wanted to visit
    duckduckgo.com, this connection would require an exit circuit.

    Internal Circuit: A circuit whose traffic never leaves the Tor
    network. For example, a client could connect to a hidden service
    via an internal circuit.

2.6 Edge connection:

2.7 Consensus:

    The state of the Tor network, published every hour, decided by a
    vote from the network's directory authorities. Clients fetch the
    consensus from directory authorities, fallback directories, or
    directory caches.

2.8 Descriptor:

    Each descriptor represents information about one relay in the Tor
    network. The descriptor includes the relay's IP address and public
    key fingerprint, along with other data. Relays send descriptors to
    directory authorities, who will vote and publish a summary of them
    in the network consensus.

3.0 Tor network protocols

    Link handshake

    Circuit handshake

    Hidden Service Protocol

    Directory Protocol

4.0 General network definitions

    Leaky Pipe Topology: The ability for packets to be addressed to any
    hop in the path of a circuit. In Tor, the destination hop is
    determined by using the recognized field of relay cells.

    Stream: In the Tor network specifically, TCP streams are
    multiplexed over circuits.

    TLS connection: All pairwise connections in the Tor network are
    made over TLS.