X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=blobdiff_plain;f=doc%2Fabout.texi;h=7cda5af5d6db5f52bc8d6466b986c1888538a54b;hp=3ee864492b9604facf984f6499b90e3ed774ac64;hb=a11b0bda178937e6891770f40f800d69b5640313;hpb=e23519696f5493da4b92770194b915322fd68164 diff --git a/doc/about.texi b/doc/about.texi index 3ee8644..7cda5af 100644 --- a/doc/about.texi +++ b/doc/about.texi @@ -2,60 +2,97 @@ GoVPN is simple free software virtual private network daemon, aimed to be reviewable, secure and @url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant. -@itemize @bullet +See also this page @ref{О демоне, on russian}. + +@itemize + @item -Copylefted free software: licenced under -@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}. +@url{https://www.gnu.org/philosophy/pragmatic.html, Copylefted} +@url{https://www.gnu.org/philosophy/free-sw.html, free software}: +licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}. + @item Fast strong @ref{PAKE, passphrase authenticated} augmented @ref{Handshake, key agreement protocol} with zero-knowledge mutual peers authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key -Exchange)), censorship resistant (indistinguishable from noise, with -hidden packet's length). +Exchange)). + @item @ref{Verifier structure, Augmented authentication tokens} resistant to -offline dictionary attacks. An attacker can not masquerade a client -even with server passphrase verifiers compromising. +offline dictionary attacks. They use CPU and memory hardened hashing +algorithm. An attacker can not masquerade a client even with server +passphrase verifiers compromising. + @item Encrypted and authenticated @ref{Transport, payload transport} -with 128-bit @ref{Developer, security margin} state-of-the-art -cryptography and censorship resistance (indistinguishability from noise -and hiding of packet's length). +with 128-bit @ref{Developer, security margin} state-of-the-art non-NIST +cryptography. + +@item +Optional @ref{Encless, encryptionless mode} of operation: no encryption +functions are applied for outgoing traffic, but still confidentiality +preserving encoding. Jurisdictions and courts can not either force you +to reveal encryption keys or sue for encryption usage. + +@item +Censorship resistant handshake and transport messages: fully +indistinguishable from the noise with optionally hidden packets length. + @item @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy} property. + @item -Replay attack protection (using one-time MACs). +Replay attack protection (using one-time MACs and optional +@ref{Timesync, time synchronization} requirement). + @item Built-in rehandshake (session key rotation) and heartbeat features. + @item Ability to hide packets length with the @ref{Noise, noise} data. + @item Ability to hide payload timestamps with @ref{CPR, constant packet rate} traffic. + @item Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy gathering daemon) PRNGs. + @item Several simultaneous clients support with per-client configuration options. Clients have pre-established @ref{Identity, identity} invisible for third-parties (they are anonymous). + @item -Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP} +Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TUN/TAP} underlying network interfaces. + @item Can use @ref{Network, UDP and TCP} or HTTP @ref{Proxy, proxies} for accessing the server. + @item Fully IPv4 and IPv6 compatible. + @item Optional built-in HTTP-server for retrieving real-time @ref{Stats, statistics} information about known connected peers in @url{http://json.org/, JSON} format. + @item -Written on @url{http://golang.org/, Go} programming language with +Server is configured through the @url{http://yaml.org/, YAML} file. + +@item +Ability to use syslog for logging. + +@item +Written on @url{https://golang.org/, Go} programming language with simple code that can be read and reviewed. + @item @url{https://www.gnu.org/, GNU}/Linux and -@url{http://www.freebsd.org/, FreeBSD} support. +@url{https://www.freebsd.org/, FreeBSD} support. + @end itemize