[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [community/staging] Onion Services section
commit f186e9f7a88c1edfdfedf4fbb202fdd2c8d334e3
Author: Pili Guerra <pili@xxxxxxxxxxxxxx>
Date: Fri Jun 7 13:28:35 2019 +0200
Onion Services section
---
content/onion-services/overview/contents.lr | 18 +++++++++---------
content/onion-services/ssl-tls/contents.lr | 2 +-
templates/onion-services.html | 4 ++--
3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/content/onion-services/overview/contents.lr b/content/onion-services/overview/contents.lr
index 1f9b25c..7d6349f 100644
--- a/content/onion-services/overview/contents.lr
+++ b/content/onion-services/overview/contents.lr
@@ -21,11 +21,11 @@ body:
Onion services are services that can only be accessed over Tor.
Running an onion service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser.
-##Â Why onion services?
+## Why onion services?
Onion services offer various security benefits to their users, that are not usually given on the normal web. In particular:
-###Â Location hiding
+### Location hiding
An onion service's IP is hidden.
Onion services are an overlay network on top of TCP/IP/, so in some sense IP addresses are not even meaningful to onion services: they are not even used in the protocol.
@@ -35,7 +35,7 @@ Onion services are an overlay network on top of TCP/IP/, so in some sense IP add
When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion and that no impersonation is possible.
This is not the case with the normal web, where reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks).
-###Â End-to-end encryption
+### End-to-end encryption
Onion service traffic is encrypted from the client to the onion host. This is like getting strong SSL/HTTPS for free.
@@ -58,7 +58,7 @@ This looks weird and random because in reality it's the _identity public key_ of
The general concept behind the onion service protocol is that we use the Tor network so that the client (Alice) can introduce itself to the service (Bob), and then sets up a rendezvous with the service.
Here is a detailed breakdown of how this happens:
-###Â Act 1: Where the onion service sets up its introduction points
+### Act 1: Where the onion service sets up its introduction points
![Onion Services: Step 1](/static/images/onion-services/overview/tor-onion-services-1.png)
@@ -67,7 +67,7 @@ These circuits are anonymized circuits, so Bob does not reveal his locations to
As part of this step, Bob gives its introduction point a special "authentication key", so that if any clients come for introductions later the introduction point can use that key to match them to Bob.
-###Â Act 2: Where the onion service publishes its descriptors
+### Act 2: Where the onion service publishes its descriptors
![Onion Services: Step 2](/static/images/onion-services/overview/tor-onion-services-2.png)
@@ -79,7 +79,7 @@ The _identity private key_ used here is the private part of the **public key tha
Now, Bob uploads that signed descriptor to a _distributed hash table_ which is part of the Tor network, so that clients can also get it.
Bob uses an anonymized Tor circuit to do this upload, so that he does not reveal his location.
-###Â Act 3: Where a client wants to visit the onion service
+### Act 3: Where a client wants to visit the onion service
All the previous steps were just setup for the onion service so that it's reachable by clients.
Now let's fast-forward to the point where an actual client wants to visit the service:
@@ -93,12 +93,12 @@ When Alice receives the signed descriptor, she verifies the signature of the des
This provides the _end-to-end authentication_ security property, since we are now sure that this descriptor could only be produced by Bob and no one else.
And inside the descriptor there are the introduction points which allow Alice to introduce herself to Bob.
-###Â Act 4: Where the client establishes a rendezvous point
+### Act 4: Where the client establishes a rendezvous point
Now before the introduction takes place, Alice picks a Tor relay and establishes a circuit to it.
Alice asks the relay to become her _rendezvous point_ and gives it an "one-time secret" that will be used as part of the rendezvous procedure.
-###Â Act 5: Where the client introduces itself to the onion service
+### Act 5: Where the client introduces itself to the onion service
![Onion Services: Step 4](/static/images/onion-services/overview/tor-onion-services-4.png)
@@ -120,7 +120,7 @@ This provides _location hiding_ to this connection:
![Onion Services: Step 6](/static/images/onion-services/overview/tor-onion-services-6.png)
-##Â Further resources
+## Further resources
This was just a high-level overview of the Tor onion services protocol.
Here are some more resources for the curious who want to learn more:
diff --git a/content/onion-services/ssl-tls/contents.lr b/content/onion-services/ssl-tls/contents.lr
index ef630a5..8a2772a 100644
--- a/content/onion-services/ssl-tls/contents.lr
+++ b/content/onion-services/ssl-tls/contents.lr
@@ -20,4 +20,4 @@ html: two-columns-page.html
---
body:
-Coming Soon
\ No newline at end of file
+Coming soon
diff --git a/templates/onion-services.html b/templates/onion-services.html
index ee3051a..e9dcd3b 100644
--- a/templates/onion-services.html
+++ b/templates/onion-services.html
@@ -43,7 +43,7 @@
<div class="col-6">
<a href="https://github.com/alecmuffett/eotk"><h3 class="text-primary text-center mx-auto"><u>{{ _('Check out the code') }}
<i class="fas fa-arrow-right"></i></u>
- </h3>
+ </h3></a>
</div>
</div>
-</div>
+</div>
\ No newline at end of file
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits