commit 5d985dbcaabaef9f6a1f6a1273ca8ad0e06ece3e
Author: emma peel <[email protected]>
Date: Sat Oct 12 11:56:59 2019 +0200
better strings for l10n
---
content/onion-services/overview/contents.lr | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/content/onion-services/overview/contents.lr
b/content/onion-services/overview/contents.lr
index 330dea4..1122aa1 100644
--- a/content/onion-services/overview/contents.lr
+++ b/content/onion-services/overview/contents.lr
@@ -16,7 +16,8 @@ html: two-columns-page.html
---
body:
-Onion services are services that can only be accessed over Tor. Running an
onion service gives your users all the security of HTTPS with the added privacy
benefits of Tor Browser.
+Onion services are services that can only be accessed over Tor.
+Running an onion service gives your users all the security of HTTPS with the
added privacy benefits of Tor Browser.
## Why onion services?
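Review bot: The commit subject "better strings for l10n" does not state the rule being applied, and in this hunk it is only implied by the line break after "accessed over Tor." Consider adding a message body that names the convention (one sentence per source line, with no blank line between them if the rendered paragraph is meant to stay the same), so that later edits to contents.lr keep to it.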
@@ -29,32 +30,41 @@ Onion services are an overlay network on top of TCP/IP, so
in some sense IP addr
### End-to-end authentication
-When a user visits a particular onion, they know that the content they are
seeing can only come from that particular onion. No impersonation is possible,
which is generally not the case. Usually, reaching a website does not mean that
a man-in-the-middle did not reroute to some other location (e.g. DNS attacks).
+When a user visits a particular onion, they know that the content they are
seeing can only come from that particular onion.
+No impersonation is possible, which is generally not the case.
+Usually, reaching a website does not mean that a man-in-the-middle did not
reroute to some other location (e.g. DNS attacks).
### End-to-end encryption
-Onion service traffic is encrypted from the client to the onion host. This is
like getting strong SSL/HTTPS for free.
+Onion service traffic is encrypted from the client to the onion host.
+This is like getting strong SSL/HTTPS for free.
### NAT punching
-Is your network filtered and you can't open ports on your firewall? This could
happen if you are in a university campus, an office, an airport, or pretty much
anywhere. Onion services don't need open ports because they punch through NAT.
They only establish outgoing connections.
+Is your network filtered and you can't open ports on your firewall?
+This could happen if you are in a university campus, an office, an airport, or
pretty much anywhere.
+Onion services don't need open ports because they punch through NAT. They only
establish outgoing connections.
## The Onion Service Protocol: Overview
-Now the question becomes **what kind of protocol is needed to achieve all
these properties?** Usually, people connect to an IP address and are done, but
how can you connect to something that does not have an IP address?
+Now the question becomes **what kind of protocol is needed to achieve all
these properties?**
+Usually, people connect to an IP address and are done, but how can you connect
to something that does not have an IP address?
In particular, an onion service's address looks like this:
`vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion`
-This looks weird and random because it's the _identity public key_ of the
onion service. That's one of the reasons we can achieve the security properties
above.
+This looks weird and random because it's the _identity public key_ of the
onion service.
+That's one of the reasons we can achieve the security properties above.
-The onion service protocol uses the Tor network so that the client (Alice) can
introduce itself to the service (Bob), and then set up a rendezvous point with
the service over the Tor network. Here is a detailed breakdown of how this
happens:
+The onion service protocol uses the Tor network so that the client (Alice) can
introduce itself to the service (Bob), and then set up a rendezvous point with
the service over the Tor network.
+Here is a detailed breakdown of how this happens:
### Act 1: Where the onion service sets up its introduction points

-As the first step in the protocol, Bob (the onion service) contacts a bunch of
Tor relays and asks them to act as his _introduction points_, by establishing
long-term circuits to them. These circuits are anonymized circuits, so Bob does
not reveal his locations to his introduction points.
+As the first step in the protocol, Bob (the onion service) contacts a bunch of
Tor relays and asks them to act as his _introduction points_, by establishing
long-term circuits to them.
+These circuits are anonymized circuits, so Bob does not reveal his locations
to his introduction points.
As part of this step, Bob gives its introduction point a special
"authentication key", so that if any clients come for introductions later the
introduction point can use that key to match them to Bob.
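Review bot: Under "NAT punching" the added line "Onion services don't need open ports because they punch through NAT. They only establish outgoing connections." still holds two sentences, while every other paragraph touched in this hunk is split one sentence per line; move "They only establish outgoing connections." to its own line for consistency. Separately, some of the split sentences depend on the preceding one for their meaning ("No impersonation is possible, which is generally not the case.", "This is like getting strong SSL/HTTPS for free."), so if each line is meant to become its own translation string, check that they still read clearly in isolation. The surrounding text also mixes "his introduction points" with "Bob gives its introduction point", which could be aligned while these strings are being touched.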
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits