From 2fc6aa8e8e2d6a41f5e35eb840ff6e1da1a39485 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Wed, 6 Jan 2016 19:24:32 +0300 Subject: [PATCH] [DOC] Various small corrections Signed-off-by: Sergey Matveev --- doc/about.ru.texi | 6 +++--- doc/about.texi | 10 +++++----- doc/developer.texi | 2 +- doc/encless.texi | 9 ++++----- doc/faq.texi | 2 +- doc/mtu.texi | 8 ++++---- doc/news.texi | 5 +++-- doc/noise.texi | 2 +- src/govpn/aont/oaep.go | 2 +- 9 files changed, 23 insertions(+), 23 deletions(-) diff --git a/doc/about.ru.texi b/doc/about.ru.texi index e35c97c..2797a63 100644 --- a/doc/about.ru.texi +++ b/doc/about.ru.texi @@ -26,7 +26,7 @@ A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)). @item Опциональный @ref{Encless, нешифрованный режим}: функции шифрования не применяются для исходящего трафика, вместо них кодирование всё-равно -обеспечивающее конфиденциальность. Юрисдикции и суды не смогут вас +обеспечивающее конфиденциальность. Юрисдикции и суды не могут вас вынудить выдать ключи шифрования или привлечь за использование шифрования. @item @@ -66,9 +66,9 @@ A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)). статистики} о подключённых клиентах в режиме реального времени в @url{http://json.org/, JSON} формате. @item -Написан на языке @url{http://golang.org/, Go} с простым кодом, +Написан на языке @url{https://golang.org/, Go} с простым кодом, ориентированным на лёгкость чтения и анализа. @item Поддержка @url{https://www.gnu.org/, GNU}/Linux и -@url{http://www.freebsd.org/, FreeBSD}. +@url{https://www.freebsd.org/, FreeBSD}. @end itemize diff --git a/doc/about.texi b/doc/about.texi index 10a203a..03b5c89 100644 --- a/doc/about.texi +++ b/doc/about.texi 
@@ -23,11 +23,11 @@ cryptography. @item Optional @ref{Encless, encryptionless mode} of operation: no encryption functions are applied for outgoing traffic, but still confidentiality -preserving encoding. Jurisdictions and courts can force you to reveal -encryption keys or sue for encryption usage. +preserving encoding. Jurisdictions and courts can not either force you +to reveal encryption keys or sue for encryption usage. @item Censorship resistant handshake and transport messages: fully -indistinguishable from the noise with optionally hidden packets lengths. +indistinguishable from the noise with optionally hidden packets length. @item @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy} property. @@ -60,9 +60,9 @@ Optional built-in HTTP-server for retrieving real-time @ref{Stats, statistics} information about known connected peers in @url{http://json.org/, JSON} format. @item -Written on @url{http://golang.org/, Go} programming language with +Written on @url{https://golang.org/, Go} programming language with simple code that can be read and reviewed. @item @url{https://www.gnu.org/, GNU}/Linux and -@url{http://www.freebsd.org/, FreeBSD} support. +@url{https://www.freebsd.org/, FreeBSD} support. @end itemize diff --git a/doc/developer.texi b/doc/developer.texi index 3002566..4293f80 100644 --- a/doc/developer.texi +++ b/doc/developer.texi @@ -5,7 +5,7 @@ Pay attention how to get @ref{Sources, development source code}. @table @asis @item Nonce and identity encryption - @url{http://143.53.36.235:8080/tea.htm, XTEA}. + @url{http://www.cix.co.uk/~klockstone/xtea.pdf, XTEA}. @item Data encryption @url{http://cr.yp.to/snuffle.html, Salsa20}. @item Message authentication diff --git a/doc/encless.texi b/doc/encless.texi index a98f71f..6d44191 100644 --- a/doc/encless.texi +++ b/doc/encless.texi 
@@ -15,7 +15,7 @@ resource hungry algorithm, so we use it after @url{http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps, All-Or-Nothing-Transformation} (based on @url{http://cseweb.ucsd.edu/~mihir/papers/oaep.html, Optimal Asymmetric -Encryption Padding}) on the data. It is confidentiality preserving +Encryption Padding}) on the data. This is confidentiality preserving encoding. AONT is just a keyless encoding of the data. CnW uses only @@ -23,8 +23,7 @@ authentication function. Handshake additionally uses Diffie-Hellman and signature algorithms. No encryption and steganography involved. In this mode each outgoing packet became larger on 4128 bytes and -@ref{Noise, noise} is forcefully enabled. So this is rather resource -hungry mode! +@ref{Noise, noise} is forcefully enabled. So this is resource hungry mode! @strong{Beware}: by default packet serial numbers are still processed through the XTEA encryption. It is not required for confidentiality and @@ -33,5 +32,5 @@ indistinguishable from the noise, for making it more DPI-proof. It safely can be disabled, turned off or maybe its keys even can be revealed without security and forward secrecy loss. -See @code{src/govpn/cnw} and @code{src/govpn/aont} packages for -details of AONT and chaffing operations. +See @code{govpn/cnw} and @code{govpn/aont} packages for details of AONT +and chaffing operations. diff --git a/doc/faq.texi b/doc/faq.texi index 79a3aa3..0ac8de8 100644 --- a/doc/faq.texi +++ b/doc/faq.texi @@ -67,7 +67,7 @@ kinds of it. @item When should I use @ref{Encless, encryptionless mode}? If you are operating under jurisdiction where courts can either sue you -for encryption usage or can force you to somehow reveal you encryption +for encryption usage or force you to somehow reveal you encryption keys (however new session encryption keys are generated each session). Those courts can not demand for authentication and signing keys in most cases. @strong{Do not} let mode's name to confuse you: it still 
diff --git a/doc/mtu.texi b/doc/mtu.texi index f847166..6ddb521 100644 --- a/doc/mtu.texi +++ b/doc/mtu.texi @@ -2,10 +2,10 @@ @subsection Maximum Transmission Unit MTU option tells what maximum transmission unit is expected to get from -TAP interface. It is per-user configuration. If the program gets bigger -size packet (including the padding byte), then it will ignore that -packet. If either @ref{Noise, noise}, or @ref{CPR} are enabled, then all -outgoing packets are filled up to that MTU value. +TAP interface. It is per-user configuration. Incoming packets of bigger +sizes (including the padding byte) will be ignored. If either +@ref{Noise, noise}, or @ref{CPR} are enabled, then all outgoing packets +are filled up to that MTU value. Default MTU equals to 1514 bytes (1500 bytes of Ethernet payload, 14 bytes of Ethernet header). diff --git a/doc/news.texi b/doc/news.texi index 6344402..4086a79 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -6,8 +6,9 @@ @item Release 5.0 @itemize @item New optional @ref{Encless, encryptionless mode} of operation. -Technically no encryption functions are used, you can not be forced to -reveal your encryption keys or sued for encryption usage. +Technically no encryption functions are applied for outgoing packets, so +you can not be forced to reveal your encryption keys or sued for +encryption usage. @item @ref{MTU}s are configured on per-user basis. @item Simplified payload padding scheme, saving one byte of data. @item Ability to specify TAP interface name explicitly without any diff --git a/doc/noise.texi b/doc/noise.texi index 9cd03d2..5df68a9 100644 --- a/doc/noise.texi +++ b/doc/noise.texi @@ -1,7 +1,7 @@ @node Noise @subsection Noise -So-called noise is used to hide underlying payload packets lengths. +So-called noise is used to hide underlying payload packets length. Without it GoVPN provides confidentiality and authenticity of messages, but not their timestamps of appearance and sizes. 
diff --git a/src/govpn/aont/oaep.go b/src/govpn/aont/oaep.go index c881e27..35d92fe 100644 --- a/src/govpn/aont/oaep.go +++ b/src/govpn/aont/oaep.go @@ -22,7 +22,7 @@ along with this program. If not, see . // (http://cseweb.ucsd.edu/~mihir/papers/oaep.html) // used there as All-Or-Nothing-Transformation // (http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps). -// We do not fix OAEP parts lengths, instead we add hash-based +// We do not fix OAEP parts length, instead we add hash-based // checksum like in SAEP+ // (http://crypto.stanford.edu/~dabo/abstracts/saep.html). // -- 2.44.0
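Review bot: in doc/about.texi, hunk @@ -23,11, the replacement "can not either force you to reveal encryption keys or sue for encryption usage" corrects the inverted meaning of the removed line but is hard to parse. Suggest "can neither force you to reveal encryption keys nor sue you for encryption usage". The claim is also stated as an absolute here, while doc/faq.texi in this same patch hedges it with "in most cases"; the two pages should agree on how strong the statement is.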
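Review bot: in doc/about.texi hunk @@ -60,9 and doc/about.ru.texi hunk @@ -66,9, the golang.org and freebsd.org links move to https:// but the json.org link in the same list item stays on http://, so the list ends up with mixed schemes. If that site serves HTTPS, switch it in the same change. While the line is being touched, "Written on ... Go programming language" would read better as "Written in the Go programming language".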
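Review bot: in doc/developer.texi, hunk @@ -5,7, the new XTEA reference replaces a bare IP address with a hostname but is still a plain http:// link to a PDF, so the document that defines a primitive used for nonce and identity encryption can be altered in transit or disappear without notice. Suggest adding the paper's title and authors next to the @url so the citation can be located and cross-checked from another copy.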
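Review bot: in doc/encless.texi, hunk @@ -23,8, the rewritten sentence "So this is resource hungry mode!" still lacks an article, and the unchanged line just above it, "each outgoing packet became larger on 4128 bytes", has the wrong tense and preposition. Since the hunk already rewraps this paragraph, suggest "each outgoing packet becomes larger by 4128 bytes" and "So this is a resource hungry mode!".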
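Review bot: in doc/news.texi, hunk @@ -6,8, the new wording "Technically no encryption functions are applied for outgoing packets" is contradicted by doc/encless.texi in this same patch, whose context states that "by default packet serial numbers are still processed through the XTEA encryption". Because the legal argument in the release note rests on no encryption being used, the note should either say that no encryption is applied to the payload, or mention that the XTEA step is on by default and can be disabled, so a reader does not rely on the default configuration matching the claim.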
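Review bot: in doc/faq.texi, hunk @@ -67,7, the edited line still contains the typo "reveal you encryption keys"; it should be "reveal your encryption keys". The context line "Do not let mode's name to confuse you" could be fixed in the same pass ("let the mode's name confuse you").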
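Review bot: in doc/mtu.texi, hunk @@ -2,10, "Incoming packets of bigger sizes ... will be ignored" loses the subject that the removed text made explicit ("If the program gets bigger size packet"), and "incoming" can now be read as packets arriving from the remote peer rather than from the TAP interface named in the previous sentence. Suggest "Packets read from the TAP interface that exceed this size (including the padding byte) are ignored", so it is clear which direction is dropped silently.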
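Review bot: in doc/noise.texi, hunk @@ -1,7, changing "payload packets lengths" to "payload packets length" swaps one ungrammatical form for another; the natural phrasing is "payload packet lengths". The same substitution appears in doc/about.texi ("hidden packets length") and in the src/govpn/aont/oaep.go comment ("OAEP parts length"), so all three can be corrected together.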