[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] a few more fixes
Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/home/arma/work/minion/doc
Modified Files:
minion-design.bib minion-design.tex
Log Message:
a few more fixes
Index: minion-design.bib
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.bib,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- minion-design.bib 6 Nov 2002 02:04:03 -0000 1.15
+++ minion-design.bib 10 Nov 2002 05:57:49 -0000 1.16
@@ -607,7 +607,7 @@
school = {{MIT}},
title = {Private {I}nformation {R}etrieval},
year = {2000},
- note = {\newline \url{http://www.toc.lcs.mit.edu/~tal/}}
+ note = {\newline \url{http://toc.lcs.mit.edu/~tal/pubs.html}}
}
@Misc{zks,
Index: minion-design.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-design.tex,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -d -r1.94 -r1.95
--- minion-design.tex 7 Nov 2002 05:57:39 -0000 1.94
+++ minion-design.tex 10 Nov 2002 05:57:49 -0000 1.95
@@ -931,8 +931,8 @@
his key appropriately.
Additionally link encryption makes active and passive attacks on the
-network links more difficult. Since a message tell each mix about
-the identity of its successor, it is difficult for an attacker to
+network links more difficult. Since a message tells each mix the identity
+of its successor in the path, it is difficult for an attacker to
mount a man-in-the-middle attack to modify messages, inject messages
to a node as if they were part of the normal communications, or delete
messages. An additional \emph{heartbeat} signal in the SSL tunnel
@@ -1081,7 +1081,7 @@
request. (We believe that restricting ourselves to such adversaries is
reasonable. After all, adversaries strong enough to read the victim's mail
can probably deny service to him in some other way. Users may also avoid
-this attack by running their own 'delivery-only' nodes, which would amount to
+this attack by running their own `delivery-only' nodes, which would amount to
an implicit opt-in.)
%We might instead
@@ -1152,7 +1152,8 @@
We use a compromise solution that still provides forward anonymity. Messages
don't contain any timestamp or expiration information. As in Mixmaster, each
mix keeps hashes of the headers of all messages it has processed; but unlike
-Mixmaster, a mix only discards these hashes it rotates its public key. Mixes
+Mixmaster, a mix only discards these hashes when it rotates its public
+key. Mixes
should choose key rotation frequency based on their security goals and on the
number of hashes they are willing to store, and advertise their key rotation
schedules along with their public key information. (See Section
@@ -1195,7 +1196,7 @@
information about nodes' current keys, capabilities, and state.
These directory servers must be synchronized and redundant: we lose security if
clients have different information about network topology and node
-reliability. An adversary who controled a directory server could track
+reliability. An adversary who controls a directory server could track
certain clients by providing different information --- perhaps by listing
only mixes under its control, or by informing only certain clients about a
given mix.