cwtch.im
/
secure-development-handbook
3
0
Fork 1
Code Issues 1 Pull Requests Releases Wiki Activity

Update 'src/tapir.md' 

I few spelling fixes and comments where I got lost
This commit is contained in:
kngako 2021-06-25 14:48:08 -07:00
parent 1fe97ca482
commit cd458777f7
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/tapir.md
View File

@ -5,7 +5,7 @@ framework for building anonymous applications.
It is divided into a number of layers:
* Identity - An ed25519 keypair, required for established a Tor v3 onion service
* Identity - An ed25519 keypair, required to establish a Tor v3 onion service
and used to maintain a consistent cryptographic identity for a peer.
* Connections - The raw networking protocol that connects two peers. Connections
are so far only defined over Tor v3 Onion Services (see: [connectivity](./connectivity.md))
@ -23,7 +23,7 @@ application.
### Identity
An ed25519 keypair, required for established a Tor v3 onion service
An ed25519 keypair, required to establish a Tor v3 onion service
and used to maintain a consistent cryptographic identity for a peer.
* InitializeIdentity - from a known, persistent keypair: \\(i,I\\)
@ -100,17 +100,19 @@ we expect it to be protected via a preceeding app in an `ApplicationChain` e.g.
### Ephemeral Connections
Occasionally it is desirable to have a peer conenct to another / a service
Occasionally it is desirable to have a peer connect to another / a service
without using their long term identity (e.g. in the case of connecting to
a Cwtch Server).
In this case we want to enable a convenient way to allow connecting with an
ephemeral identity.
<!-- This is confusing "avoid side channel around avoid
duplicate connections" -->
It turns out that doing this securely requires maintaining a completely separate
set of connections and applications in order to avoid side channel around avoid
duplicate connections (i.e. if we did mix them up then a service might be able
to exploit the fact that clients avid duplicate connections by attempting to
to exploit the fact that clients avoid duplicate connections by attempting to
connect to known-online peers and observing if they reject the connection
because they already have an outbound ephemeral connection open.)
@ -125,7 +127,7 @@ recommend that peers maintain one long term service and multiple ephemeral
**Status: Mitigated**
By default, tor v3 onion services only provide one-way authentication, that
is the client can verify a metadata resistant connection to the server by the
is the client can verify a metadata resistant connection to the server but the
server obtained no information about the client.
Tapir provides a peer-to-peer interface over this client-server structure