Update 'src/tapir.md'
A few spelling fixes and comments where I got lost
parent
1fe97ca482
commit
cd458777f7
12
src/tapir.md
|
@ -5,7 +5,7 @@ framework for building anonymous applications.
|
||||||
|
|
||||||
It is divided into a number of layers:
|
It is divided into a number of layers:
|
||||||
|
|
||||||
* Identity - An ed25519 keypair, required for established a Tor v3 onion service
|
* Identity - An ed25519 keypair, required to establish a Tor v3 onion service
|
||||||
and used to maintain a consistent cryptographic identity for a peer.
|
and used to maintain a consistent cryptographic identity for a peer.
|
||||||
* Connections - The raw networking protocol that connects two peers. Connections
|
* Connections - The raw networking protocol that connects two peers. Connections
|
||||||
are so far only defined over Tor v3 Onion Services (see: [connectivity](./connectivity.md))
|
are so far only defined over Tor v3 Onion Services (see: [connectivity](./connectivity.md))
|
||||||
|
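Review bot: The capitalisation is now inconsistent within this list: the corrected Identity bullet says "Tor v3 onion service" while the Connections bullet a few lines below says "Tor v3 Onion Services". Pick one form and use it in both bullets; the "required to establish" correction itself is fine.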
@ -23,7 +23,7 @@ application.
|
||||||
|
|
||||||
### Identity
|
### Identity
|
||||||
|
|
||||||
An ed25519 keypair, required for established a Tor v3 onion service
|
An ed25519 keypair, required to establish a Tor v3 onion service
|
||||||
and used to maintain a consistent cryptographic identity for a peer.
|
and used to maintain a consistent cryptographic identity for a peer.
|
||||||
|
|
||||||
* InitializeIdentity - from a known, persistent keypair: \\(i,I\\)
|
* InitializeIdentity - from a known, persistent keypair: \\(i,I\\)
|
||||||
|
@ -100,17 +100,19 @@ we expect it to be protected via a preceeding app in an `ApplicationChain` e.g.
|
||||||
|
|
||||||
### Ephemeral Connections
|
### Ephemeral Connections
|
||||||
|
|
||||||
Occasionally it is desirable to have a peer conenct to another / a service
|
Occasionally it is desirable to have a peer connect to another / a service
|
||||||
without using their long term identity (e.g. in the case of connecting to
|
without using their long term identity (e.g. in the case of connecting to
|
||||||
a Cwtch Server).
|
a Cwtch Server).
|
||||||
|
|
||||||
In this case we want to enable a convenient way to allow connecting with an
|
In this case we want to enable a convenient way to allow connecting with an
|
||||||
ephemeral identity.
|
ephemeral identity.
|
||||||
|
|
||||||
|
<!-- This is confusing "avoid side channel around avoid
|
||||||
|
duplicate connections" -->
|
||||||
It turns out that doing this securely requires maintaining a completely separate
|
It turns out that doing this securely requires maintaining a completely separate
|
||||||
set of connections and applications in order to avoid side channel around avoid
|
set of connections and applications in order to avoid side channel around avoid
|
||||||
duplicate connections (i.e. if we did mix them up then a service might be able
|
duplicate connections (i.e. if we did mix them up then a service might be able
|
||||||
to exploit the fact that clients avid duplicate connections by attempting to
|
to exploit the fact that clients avoid duplicate connections by attempting to
|
||||||
connect to known-online peers and observing if they reject the connection
|
connect to known-online peers and observing if they reject the connection
|
||||||
because they already have an outbound ephemeral connection open.)
|
because they already have an outbound ephemeral connection open.)
|
||||||
|
|
||||||
|
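Review bot: The HTML comment added above "It turns out that doing this securely" flags the sentence as confusing but leaves it unchanged, so the remark ends up in src/tapir.md while readers still meet "in order to avoid side channel around avoid duplicate connections". Suggest rewording the sentence in this commit instead of annotating it, for example "in order to avoid a side channel arising from duplicate-connection avoidance" if that matches the intent of the parenthetical, or moving the question to an issue. The hunk header context also still shows "preceeding", which could be corrected in the same pass.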
@ -125,7 +127,7 @@ recommend that peers maintain one long term service and multiple ephemeral
|
||||||
**Status: Mitigated**
|
**Status: Mitigated**
|
||||||
|
|
||||||
By default, tor v3 onion services only provide one-way authentication, that
|
By default, tor v3 onion services only provide one-way authentication, that
|
||||||
is the client can verify a metadata resistant connection to the server by the
|
is the client can verify a metadata resistant connection to the server but the
|
||||||
server obtained no information about the client.
|
server obtained no information about the client.
|
||||||
|
|
||||||
Tapir provides a peer-to-peer interface over this client-server structure
|
Tapir provides a peer-to-peer interface over this client-server structure
|
||||||
|
|
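Review bot: The corrected sentence still mixes tenses: "the client can verify" is present while "the server obtained no information" is past, so "obtains" would read consistently. In the same sentence, "tor v3 onion services" is lowercase where the earlier hunks write "Tor", and "that is the client can verify" would be clearer as "that is, the client can verify".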