[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] some more tweaks on the paper

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] some more tweaks on the paper
From: arma@xxxxxxxx (Roger Dingledine)
Date: Thu, 10 Feb 2005 01:20:20 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Thu, 10 Feb 2005 01:20:41 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Update of /home2/or/cvsroot/tor/doc/design-paper
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/doc/design-paper

Modified Files:
	challenges.pdf challenges.tex 
Log Message:
some more tweaks on the paper


Index: challenges.pdf
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/design-paper/challenges.pdf,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
Binary files /tmp/cvsucEJ43 and /tmp/cvs6D2N61 differ

Index: challenges.tex
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/design-paper/challenges.tex,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -d -r1.71 -r1.72
--- challenges.tex	9 Feb 2005 17:42:21 -0000	1.71
+++ challenges.tex	10 Feb 2005 06:20:18 -0000	1.72
@@ -563,7 +563,7 @@
 running nodes, but
 from the information they have provided, it seems that many of them run Tor
 nodes for reasons of personal interest in privacy issues.  It is possible
-that others are running Tor nodes for the protection of their own
+that others are running Tor nodes to protect their own
 anonymity, but of course they are
 hardly likely to tell us specifics if they are.
 %Significantly, Tor's threat model changes the anonymity incentives for running
@@ -603,7 +603,8 @@
 interesting policy implications, however; see
 the next section below.
 Exit policies help to limit administrative costs by limiting the frequency of
-abuse complaints. (See Section~\ref{subsec:tor-and-blacklists}.)
+abuse complaints (see Section~\ref{subsec:tor-and-blacklists}). We discuss
+technical incentive mechanisms in Section~\ref{subsec:incentives-by-design}.
 
 %[XXXX say more.  Why else would you run a node? What else can we do/do we
 %  already do to make running a node more attractive?]
@@ -1114,7 +1115,7 @@
 a variety of challenges. One of these is that they need to find enough
 exit nodes---servers on the `free' side that are willing to relay
 traffic from users to their final destinations. Anonymizing
-networks incorporating Tor are well-suited to this task since we have
+networks like Tor are well-suited to this task since we have
 already gathered a set of exit nodes that are willing to tolerate some
 political heat.
 
@@ -1152,11 +1153,11 @@
 Tor is running today with hundreds of nodes and tens of thousands of
 users, but it will certainly not scale to millions.
 Scaling Tor involves four main challenges. First, to get a
-large initial set of nodes, we must address incentives for
+large set of nodes, we must address incentives for
 users to carry traffic for others. Next is safe node discovery, both
 while bootstrapping (Tor clients must robustly find an initial
-node list) and later (Tor client must learn about a fair sample
-of honest nodes and not let the adversary control his circuits).
+node list) and later (Tor clients must learn about a fair sample
+of honest nodes and not let the adversary control circuits).
 We must also detect and handle node speed and reliability as the network
 becomes increasingly heterogeneous: since the speed and reliability
 of a circuit is limited by its worst link, we must learn to track and
@@ -1164,6 +1165,7 @@
 the network can connect to all other points.
 
 \subsection{Incentives by Design}
+\label{subsec:incentives-by-design}
 
 There are three behaviors we need to encourage for each Tor node: relaying
 traffic; providing good throughput and reliability while doing it;
@@ -1202,12 +1204,12 @@
 
 Unfortunately, such an approach introduces new anonymity problems.
 There are many surprising ways for nodes to game the incentive and
-reputation system to undermine anonymity because such systems are
-designed to encourage fairness in storage or bandwidth usage not
+reputation system to undermine anonymity---such systems are typically
+designed to encourage fairness in storage or bandwidth usage, not
 fairness of provided anonymity. An adversary can attract more traffic
-by performing well or can provide targeted differential performance to
-individual users to undermine their anonymity. Typically a user who
-chooses evenly from all options is most resistant to an adversary
+by performing well or can target individual users by selectively
+performing, to undermine their anonymity. Typically a user who
+chooses evenly from all nodes is most resistant to an adversary
 targeting him, but that approach hampers the efficient use
 of heterogeneous nodes.

Prev by Author: [or-cvs] remove redundant lines
Next by Author: [or-cvs] when a client asks us for a dir mirror and we don"t have one,
Previous by thread: [or-cvs] remove redundant lines
Next by thread: [or-cvs] when a client asks us for a dir mirror and we don"t have one,
Index(es):
- Author
- Thread