[or-cvs] r13117: minor tweaks of the v2-conn-protocol text (tor/trunk/doc/spec/proposals/ideas)



Author: arma
Date: 2008-01-12 14:50:52 -0500 (Sat, 12 Jan 2008)
New Revision: 13117

Modified:
   tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt
Log:
minor tweaks of the v2-conn-protocol text


Modified: tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt
===================================================================
--- tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt	2008-01-12 18:07:10 UTC (rev 13116)
+++ tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt	2008-01-12 19:50:52 UTC (rev 13117)
@@ -41,7 +41,8 @@
   The version of the Tor connection protocol implemented up to now is
   "version 1".  This proposal describes "version 2".
 
-  "Old" or "Older" versions of Tor are ones not aware of this protocol;
+  "Old" or "Older" versions of Tor are ones not aware that version 2
+  of this protocol exists;
   "New" or "Newer" versions are ones that are.
 
   The connection initiator is referred to below as the Client; the
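Review bot: The reworded definition of "Old" on the added lines still turns on awareness ("not aware that version 2 of this protocol exists") rather than on what the implementation does, so a build that knows about v2 but does not speak it falls into neither "Old" nor "New". Consider defining the terms by support, for example "ones that do not implement version 2 of this protocol", and reflowing so that "of this protocol exists;" is not left as a short line of its own.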
@@ -81,14 +82,14 @@
   coming from a Tor server.  The server does not ask the client for
   certificates.
 
-  Old Servers will (mostly) ignore the cipher list respond as in the v1
-  protocol, and send back a two-certificate chain.
+  Old Servers will (mostly) ignore the cipher list and respond as in the v1
+  protocol, sending back a two-certificate chain.
 
   After the Client gets a response from the server, it checks for the
-  number of certificates.  If there are two certificates, the client
-  assumes a V1 connection and proceeds as in tor-spec.txt.  But if there
-  is only one certificate, the client assumes a V2 or later protocol and
-  continues.
+  number of certificates it received.  If there are two certificates,
+  the client assumes a V1 connection and proceeds as in tor-spec.txt.
+  But if there is only one certificate, the client assumes a V2 or later
+  protocol and continues.
 
   At this point, the client has established a TLS connection with the
   server, but the parties have not been authenticated: the server hasn't
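Review bot: The rewrapped certificate-count paragraph covers only the two-certificate and one-certificate cases and does not say what the client does with any other count (none, or more than two). Since the following context notes that at this point "the parties have not been authenticated", the count is the only version signal the client has, so the text should state the behaviour for unexpected counts explicitly, for example that the client closes the connection. Separately, "(mostly) ignore the cipher list" leaves the exception undefined; either name the case where an Old Server does not ignore the list or drop the qualifier.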
@@ -131,9 +132,13 @@
   SSL_MODE_NO_AUTO_CHAIN flag and sets the callback as for the V1
   protocol.  It then starts reading.
 
-
   The other problem to take care of is missing ciphers and OpenSSL's
-  cipher sorting algorithms. [XXXX more on this.]
+  cipher sorting algorithms. The two main issues are a) OpenSSL doesn't
+  support some of the default ciphers that Firefox advertises, and b)
+  OpenSSL sorts the list of ciphers it offers in a different way than
+  Firefox sorts them, so unless we fix that Tor will still look different
+  than Firefox.
+  [XXXX more on this.]
 
 
 1.2. Compatibility for clients using libraries less hackable than OpenSSL.
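Review bot: The new text in the cipher paragraph names the two problems but not what the client does about them, and the "[XXXX more on this.]" marker is carried over. For item a) in particular, the spec should say whether the client advertises ciphers that OpenSSL cannot actually negotiate and what happens if the server selects one of them. Wording: "so unless we fix that Tor will still look different than Firefox" needs a comma after "that", and "different from Firefox" reads better in a spec.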