@node CPR
-@section Constant Packet Rate
+@subsection Constant Packet Rate
Constant Packet Rate is used to hide fact of underlying payload packets
appearance. In this mode daemon inserts necessary dummy packets and
This mode is turned by @code{-cpr} option, where you specify desired
outgoing traffic rate in KiB/sec (kibibytes per second). This option also
-@strong{forces} using of the @ref{Noise}! It is turned off by default.
+@strong{forces} using of the @ref{Noise, noise}! It is turned off by default.
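Review bot: the new label on the changed @ref line makes the sentence read "forces using of the noise", which is awkward. Consider rewording to "@strong{forces} the use of @ref{Noise, noise}". Other cross-references on this page already carry a label, for example @ref{PAKE, good passphrase} in the EGD text, so it is also worth checking that any remaining bare @ref{Noise} in the other files is labelled the same way.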
@node EGD
-@section Entropy Gathering Daemon
+@subsection Entropy Gathering Daemon
Overall security mainly depends on client side:
@ref{PAKE, good passphrase} and cryprographically good pseudo random
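Review bot: the context line under the demoted heading spells "cryprographically" where "cryptographically" is meant. Since the file is being touched anyway, fix the typo in this patch or a follow-up. The heading change itself is the same mechanical @section to @subsection demotion as in the other term files.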
--- /dev/null
+@node Glossary
+@section Glossary
+
+@menu
+* Entropy gathering daemon: EGD.
+* Identity::
+* Password Authenticated Key Agreement: PAKE.
+* Timeout::
+* Network transport: Network.
+* Proxy::
+* Maximum Transmission Unit: MTU.
+* Statistics: Stats.
+* Noise::
+* Constant Packet Rate: CPR.
+* Verifier::
+@end menu
+
+@include egd.texi
+@include identity.texi
+@include pake.texi
+@include timeout.texi
+@include netproto.texi
+@include proxy.texi
+@include mtu.texi
+@include stats.texi
+@include noise.texi
+@include cpr.texi
+@include verifier.texi
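Review bot: the new glossary.texi goes straight from "@section Glossary" to "@menu" with no introductory sentence, and its entries are not in alphabetical order, which a section titled Glossary leads readers to expect. Add a line saying what the terms cover, and either sort the @menu and @include lists together or keep the current order deliberately and say so. The two lists do match each other entry for entry, so keep them in step when terms are added. The menu labels also mix capitalisation with the headings they point to ("Entropy gathering daemon" here against "@subsection Entropy Gathering Daemon" in egd.texi).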
@node Identity
-@section Identity
+@subsection Identity
Client's identity is 128-bit string. It is not secret, so can be
transmitted and stored in the clear. However handshake applies PRP on it
@node MTU
-@section Maximum Transmission Unit
+@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
TAP interface. It is per-user configuration. If the program gets bigger
@node Network
-@section Network transport
+@subsection Network transport
You can use either UDP or TCP underlying network transport protocols.
@node Noise
-@section Noise
+@subsection Noise
So-called noise is used to hide underlying payload packets lengths.
Without it GoVPN provides confidentiality and authenticity of messages,
@node PAKE
-@section Password Authenticated Key Agreement
+@subsection Password Authenticated Key Agreement
Previously we used pre-shared high-entropy long-term static key for
client-server authentication. Is is secure, but not convenient for some
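Review bot: the context line below the demoted heading reads "Is is secure", which should be "It is secure". It is worth correcting while this file is open. No other concern with the level change in this hunk.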
@node Proxy
-@section Proxy
+@subsection Proxy
You can proxy your requests through HTTP using CONNECT method. This can
help if you are only allowed to access outside world through HTTP proxy
@node Stats
-@section Stats
+@subsection Statistics
Both client and server has ability to show statistics about known
connected peers. You retrieve them by downloading JSON from built-in
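Review bot: the heading here changes from "Stats" to "Statistics" as well as dropping to @subsection, so this hunk is not a pure level change like the others and the rename should be mentioned in the commit message. "@node Stats" is kept and the glossary menu uses "Statistics: Stats.", so references by node name are unaffected. The context line "Both client and server has ability" also wants "have the ability".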
@node Timeout
-@section Timeout
+@subsection Timeout
Because of stateless UDP nature there is no way to reliably know if
remote peer is alive. That is why timeouts are necessary. If no packets
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
@menu
-* EGD:: Entropy gathering daemon
-* Identity::
-* PAKE:: Password Authenticated Key Agreement
-* Timeout::
-* Network transport: Network.
-* Proxy::
-* MTU:: Maximum Transmission Unit
-* Stats::
-* Noise::
-* CPR:: Constant Packet Rate
-* Verifier::
+* Glossary::
* Client part: Client.
* Server part: Server.
* Example usage: Example.
@end menu
-@include egd.texi
-@include identity.texi
-@include pake.texi
-@include timeout.texi
-@include netproto.texi
-@include proxy.texi
-@include mtu.texi
-@include stats.texi
-@include noise.texi
-@include cpr.texi
-@include verifier.texi
+@include glossary.texi
@include client.texi
@include server.texi
@include example.texi
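Review bot: the top-level @menu now has a bare "* Glossary::" entry, while the entries it replaces carried descriptions ("* PAKE:: Password Authenticated Key Agreement") and the siblings that follow use the "label: Node." form. Add a short description to the entry so a reader of the menu can tell that the option and protocol terms now live under it. The @menu and @include changes are consistent with each other: eleven entries and eleven includes removed, one of each added in the same position.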
@node Verifier
-@section Verifier
+@subsection Verifier
Verifier is created using @code{govpn-verifier} utility. But currently
Go does not provide native instruments to read passwords without echoing