update connectivity

src/connectivity.md

@@ -10,7 +10,7 @@ package for managing the Tor daemon and setting up and tearing down onion
 
 ### Private Key Exposure to the Tor Process
 
-**Status: Unmitigated** (Requires Physical Access or Privilege Escalation to
+**Status:  Partially Mitigated** (Requires Physical Access or Privilege Escalation to
                           exploit)
 
 We must pass the private key of any onion service we wish to set up to the
@@ -19,13 +19,14 @@ process). This is one of the most critical areas that is outside of our
 control. Any binding to a rouge tor process or binary will result in
 compromise of the Onion private key.  
 
-#### Potential Mitigations
+### Mitigations
 
-We should not attempt to bind to the system-provided Tor process as the default,
+Connectivity attempt to bind to the system-provided Tor process as the default,
-unless we have been provided with an authentication token.
+*only* when it has been provided with an authentication token.
 
-Otherwise we should always attempt to deploy our own Tor process using a known
+Otherwise connectivity always attempts to deploy its own Tor process
-good binary packaged with the syste (outside of the scope of the connectivity
+ using a known
+good binary packaged with the system (outside of the scope of the connectivity
  package)
  
 In the long term we hope an integrated library will become available and allow
@@ -50,8 +51,6 @@ the Tor process changes.
 However, if sufficiently-privileged users wish they can interfere with this
  mechanism, and as such the Tor process is a more brittle component
   interaction than others.
-
-These mechanisms need to be documented.
  
 ## Testing Status