[tor-commits] [torspec/master] trivial fixes from earlier readings
arma at torproject.org
arma at torproject.org
Mon Aug 13 20:12:56 UTC 2012
Author: Roger Dingledine <arma at torproject.org>
Date: Mon Aug 13 16:11:46 2012 -0400
trivial fixes from earlier readings
.../190-shared-secret-bridge-authorization.txt | 8 ++++----
proposals/191-mitm-bridge-detection-resistance.txt | 14 +++++++-------
proposals/203-https-frontend.txt | 4 ++--
proposals/ideas/xxx-port-knocking.txt | 2 +-
4 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/proposals/190-shared-secret-bridge-authorization.txt b/proposals/190-shared-secret-bridge-authorization.txt
index 8683652..e3c2f79 100644
@@ -7,7 +7,7 @@ Status: Needs-Revision
Proposals 187 and 189 introduced AUTHORIZE and AUTHORIZED cells.
- Their purpose is to make bridge relays scanning resistant against
+ Their purpose is to make bridge relays scanning-resistant against
censoring adversaries capable of probing hosts to observe whether
they speak the Tor protocol.
@@ -58,7 +58,7 @@ Status: Needs-Revision
generating 10 octets of random data using a strong RNG or PRNG.
Tor bridge implementations MUST store the shared secret in
- 'DataDirectory/keys/bridge_auth_ss_key' in hexademical encoding.
+ 'DataDirectory/keys/bridge_auth_ss_key' in hexadecimal encoding.
Tor bridge implementations MUST support the boolean
'BridgeRequireClientSharedSecretAuthorization' configuration file
@@ -73,9 +73,9 @@ Status: Needs-Revision
Tor client implementations must extend their Bridge line format to
support bridge shared secrets. The new format is:
- Bridge <method> <address:port> [["keyid="]<id-fingerprint>] ["shared_secret="<shared_secret>]
+ Bridge [<method>] <address[:port]> [["keyid="]<id-fingerprint>] ["shared_secret="<shared_secret>]
- where <shared_secret> is the bridge shared secret in hexademical
+ where <shared_secret> is the bridge shared secret in hexadecimal
Tor clients who use bridges with shared-secret-based client
diff --git a/proposals/191-mitm-bridge-detection-resistance.txt b/proposals/191-mitm-bridge-detection-resistance.txt
index 013d76c..5e9848e 100644
@@ -14,7 +14,7 @@ Status: Open
proposals is that of an adversary capable of performing Man In The
Middle attacks to Tor clients. At the moment, Tor clients using the
v3 link protocol have no way to detect such an MITM attack, and
- will gladly send an VERSIONS or an AUTHORIZE cell to the MITMed
+ will gladly send a VERSIONS or AUTHORIZE cell to the MITMed
connection, thereby revealing the Tor protocol and thus the bridge.
This proposal introduces a way for clients to detect an MITMed SSL
@@ -27,8 +27,8 @@ Status: Open
certificate and the client blindly accepting it. This allows the
adversary to perform an MITM attack.
- A Tor client must detect the MITM attack before he initializes the
- Tor protocol by sending a VERSIONS or an AUTHORIZE cell. A good
+ A Tor client must detect the MITM attack before he initiates the
+ Tor protocol by sending a VERSIONS or AUTHORIZE cell. A good
moment to detect such an MITM attack is during the SSL handshake.
To achieve that, bridge operators provide their bridge users with a
@@ -46,13 +46,13 @@ Status: Open
3. Security implications
Bridge clients who have pinned a bridge to a certificate
- fingerprint will be able to detect an MITMing adversary in timely
- fashion. If after detection they act as an innocuous Internet
+ fingerprint will be able to detect an MITMing adversary in time.
+ If after detection they act as an innocuous Internet
client, they can successfully remove suspicion from the SSL
connection and subvert bridge detection.
Pinning a certificate fingerprint and detecting an MITMing attacker
- does not automatically aleviate suspicions from the bridge or the
+ does not automatically alleviate suspicions from the bridge or the
client. Clients must have a behavior to follow after detecting the
MITM attack so that they look like innocent Netizens. This proposal
does not try to specify such a behavior.
@@ -76,7 +76,7 @@ Status: Open
Tor bridge implementations SHOULD provide a command line option
that exports a fully equipped Bridge line containing the bridge
- address and port, the link certificate fingerprint and any other
+ address and port, the link certificate fingerprint, and any other
enabled Bridge options, so that bridge operators can easily send it
to their users.
diff --git a/proposals/203-https-frontend.txt b/proposals/203-https-frontend.txt
index 8d3c2e3..26101b3 100644
@@ -39,7 +39,7 @@ Goals and requirements:
HTTPS client talking to an HTTPS server.
We should make it impossible for an active attacker talking to the
- server to tell a Tor bridge server from regular HTTPS server.
+ server to tell a Tor bridge server from a regular HTTPS server.
We should make it impossible for an active attacker who can MITM the
server to learn from the client whether it thought it was connecting
@@ -205,7 +205,7 @@ Some considerations on distinguishability
Against an active non-MITM attacker, the best probing attacks will be
- ones designed to provoke the system in acting in ways different from
+ ones designed to provoke the system into acting in ways different from
those in which a webserver would act: responding earlier than a web
server would respond, or later, or differently. We need to make sure
that, whatever the front-end program is, it answers anything that
diff --git a/proposals/ideas/xxx-port-knocking.txt b/proposals/ideas/xxx-port-knocking.txt
index 85c27ec..bf5afa0 100644
@@ -45,7 +45,7 @@ no longer possible to rebind to those lower ports after they are closed.
Tor does not know about any OS level packet filtering. Currently there is no
packet filters that understands the Tor network in real time.
-1.x Possible partioning of users by bridge operator
+1.x Possible partitioning of users by bridge operator
Depending on implementation, it may be possible for bridge operators to
uniquely identify users. This appears to be a general bridge issue when a
More information about the tor-commits