[or-cvs] cut a paragraph, cut the rendezvous attacks subsec

Roger Dingledine arma at seul.org
Fri Jan 30 03:37:13 UTC 2004


Update of /home/or/cvsroot/doc
In directory moria.mit.edu:/home2/arma/work/onion/cvs/doc

Modified Files:
	tor-design.tex 
Log Message:
cut a paragraph, cut the rendezvous attacks subsec


Index: tor-design.tex
===================================================================
RCS file: /home/or/cvsroot/doc/tor-design.tex,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -d -r1.139 -r1.140
--- tor-design.tex	29 Jan 2004 21:18:01 -0000	1.139
+++ tor-design.tex	30 Jan 2004 03:37:10 -0000	1.140
@@ -958,10 +958,10 @@
 stream; it sends the \emph{relay sendme} cell only when the number of bytes pending
 to be flushed is under some threshold (currently 10 cells' worth).
 
-% Maybe omit this next paragraph. -NM
-Currently, non-data relay cells do not affect the windows. Thus we
-avoid potential deadlock issues, for example, arising because a stream
-can't send a \emph{relay sendme} cell when its packaging window is empty.
+%% Maybe omit this next paragraph. -NM
+%Currently, non-data relay cells do not affect the windows. Thus we
+%avoid potential deadlock issues, for example, arising because a stream
+%can't send a \emph{relay sendme} cell when its packaging window is empty.
 
 These arbitrarily chosen parameters seem to give tolerable throughput
 and delay; see Section~\ref{sec:in-the-wild}.
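Review bot: The paragraph starting `Currently, non-data relay cells do not affect the windows` is commented out rather than deleted, and nothing in the surrounding context restates what it said. The lines just above describe when a \emph{relay sendme} cell is sent, so without this paragraph a reader cannot tell from here that such cells are themselves exempt from the windows, which is the property the paragraph credits with avoiding deadlock. Consider keeping a single sentence to that effect. If the cut stands, delete the block outright, since revision 1.139 already preserves it, and drop `%% Maybe omit this next paragraph. -NM`, which is stale once the paragraph is omitted.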
@@ -987,7 +987,6 @@
 A social attacker who offers an illegal or disreputable location-hidden
 service should not be able to ``frame'' a rendezvous router by
 making observers believe the router created that service.
-%slander-resistant? defamation-resistant?
 \textbf{Application-transparent:} Although we require users
 to run special software to access location-hidden servers, we must not
 require them to modify their applications.
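Review bot: Removing `%slander-resistant? defamation-resistant?` is not covered by the log message, which mentions only the paragraph and the rendezvous attacks subsection. The comment recorded an open question about what to call the property described in the lines above it (an attacker should not be able to ``frame'' a rendezvous router); if that naming question was settled, say so in the log, otherwise the marker is worth keeping until it is.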
@@ -1903,41 +1902,40 @@
 include the right cookie with her request for service, Bob need not even
 acknowledge his existence.
 
-\SubSection{Attacks against rendezvous points}
-
-We describe here attacks against rendezvous points and how well
-the system protects against them.
-
-\emph{Make many introduction requests.}  An attacker could
-try to deny Bob service by flooding his introduction points with
-requests.  Because the introduction points can block requests that
-lack authorization tokens, however, Bob can restrict the volume of
-requests he receives, or require a certain amount of computation for
-every request he receives.
-
-\emph{Attack an introduction point.} An attacker could
-disrupt a location-hidden service by disabling its introduction
-points.  But because a service's identity is attached to its public
-key, the service can simply re-advertise
-itself at a different introduction point. Advertisements can also be
-done secretly so that only high-priority clients know the address of
-Bob's introduction points or so that different clients know of different
-introduction points. This forces the attacker to disable all possible
-introduction points.
-
-\emph{Compromise an introduction point.} An attacker who controls
-Bob's introduction point can flood Bob with
-introduction requests, or prevent valid introduction requests from
-reaching him. Bob can notice a flood, and close the circuit.  To notice
-blocking of valid requests, however, he should periodically test the
-introduction point by sending rendezvous requests and making
-sure he receives them.
-
-\emph{Compromise a rendezvous point.}  A rendezvous
-point is no more sensitive than any other OR on
-a circuit, since all data passing through the rendezvous is encrypted
-with a session key shared by Alice and Bob.
-
+%\SubSection{Attacks against rendezvous points}
+%
+%We describe here attacks against rendezvous points and how well
+%the system protects against them.
+%
+%\emph{Make many introduction requests.}  An attacker could
+%try to deny Bob service by flooding his introduction points with
+%requests.  Because the introduction points can block requests that
+%lack authorization tokens, however, Bob can restrict the volume of
+%requests he receives, or require a certain amount of computation for
+%every request he receives.
+%
+%\emph{Attack an introduction point.} An attacker could
+%disrupt a location-hidden service by disabling its introduction
+%points.  But because a service's identity is attached to its public
+%key, the service can simply re-advertise
+%itself at a different introduction point. Advertisements can also be
+%done secretly so that only high-priority clients know the address of
+%Bob's introduction points or so that different clients know of different
+%introduction points. This forces the attacker to disable all possible
+%introduction points.
+%
+%\emph{Compromise an introduction point.} An attacker who controls
+%Bob's introduction point can flood Bob with
+%introduction requests, or prevent valid introduction requests from
+%reaching him. Bob can notice a flood, and close the circuit.  To notice
+%blocking of valid requests, however, he should periodically test the
+%introduction point by sending rendezvous requests and making
+%sure he receives them.
+%
+%\emph{Compromise a rendezvous point.}  A rendezvous
+%point is no more sensitive than any other OR on
+%a circuit, since all data passing through the rendezvous is encrypted
+%with a session key shared by Alice and Bob.
 
 \end{document}
 
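Review bot: The subsection from `%\SubSection{Attacks against rendezvous points}` down to the session-key sentence is left in the file as 34 commented-out lines instead of being deleted. The revision history already keeps the text, and a block of dead comments directly before `\end{document}` is easy to resurrect by accident or to let drift out of date. The log message also does not say whether this material was moved elsewhere in the paper or dropped; it covers request flooding, disabling or compromising an introduction point, and compromise of a rendezvous point, so a pointer to where those cases are now discussed would help. If the text is ever restored, note that three of the four items concern introduction points while the heading names rendezvous points, so the heading should be widened.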


