X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Ffaq.texi;h=e6986cdeaaf56c3886687470101c41f4fd95d8d7;hb=9a5ef6e33490971fc5af5538cdf98e800b692ea7;hp=0ac8de80d22a9573668da03bed7b689da19b7579;hpb=406f46e11ea5266a2d1c3a83add2fb02ba3950cc;p=govpn.git diff --git a/doc/faq.texi b/doc/faq.texi index 0ac8de8..e6986cd 100644 --- a/doc/faq.texi +++ b/doc/faq.texi @@ -1,19 +1,24 @@ @node FAQ +@cindex FAQ +@cindex Frequently Asked Questions @unnumbered Frequently Asked Questions @table @asis +@cindex TLS @item Why do not you use TLS? It is complicated protocol. It uses Authenticate-then-Encrypt ordering of algorithms -- it is not secure. Moreover its libraries are huge and hard to read, review and analyze. +@cindex SSH @item Why do not you use SSH? Its first protocol versions used A-a-E ordering, however later ones supports even ChaCha20-Poly1305 algorithms. But its source code is not so trivial and rather big to read and review. OpenSSH does not support strong zero-knowledge password authentication. +@cindex IPsec @item Why do not you use IPsec? It is rather good protocol, supported by all modern OSes. But it lacks strong zero-knowledge password authentication and, again, its code is @@ -24,6 +29,8 @@ For the same reasons: most of software do not provide strong password authentication, high cryptographic protocol security, and most of this software is written in C -- it is hard to write right on it. +@cindex Why Go +@cindex Go @item Why GoVPN is written on Go? Go is very easy to read, review and support. It makes complex code writing a harder task. It provides everything needed to the C language: 
@@ -38,12 +45,17 @@ Human is capable of memorizing rather long passphrases (not passwords): You need to trust only yourself, not hardware token or some other storage device. It is convenient. +@cindex Network configuration @item Why all network configuration must be done manually? Because there are so many use-cases and setups, so many various protocols, that either I support all of them, or use complicated protocol setups like PPP, or just give right of the choice to the administrator. VPN is only just a layer. +@cindex Windows +@cindex Microsoft Windows +@cindex Apple OS X +@cindex OS X @item Why there is no either OS X or Windows support? Any closed source proprietary systems do not give ability to control the computer. You can not securely use cryptography-related stuff without @@ -55,10 +67,18 @@ You can not decrypt previously saved traffic by compromising long-lived keys. PFS property is per-session level: it won't protect from leaking the session key from the memory. +@cindex Anonymity +@cindex Anonymous clients @item What do you mean by saying that clients are anonymous? That third-party can not differentiate one client from another looking at the traffic (transport and handshake). +@cindex Censorship +@cindex Censorship resistance +@cindex Censorship resistant +@cindex DPI resistant +@cindex DPI resistance +@cindex DPI @item What do you mean by censorship resistance? Unability to distinguish either is it GoVPN-traffic is passing by, or just @code{cat /dev/urandom | nc somehost}. If you can not differentiate @@ -83,6 +103,7 @@ timestamps and sizes. You can run traffic analysis and predict what is going on in the network. With CPR option enabled you can tell either somebody is online, or not -- nothing less, nothing more. +@cindex DoS @item Can I DoS (denial of service) the daemon? Each transport packet is authenticated first with the very fast UMAC algorithm -- in most cases resource consumption of TCP/UDP layers will
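Review bot: in the first hunk (`@@ -1,19 +1,24 @@`), `@cindex Why Go` is not a term anyone looks up in a concept index; it sorts under W next to nothing related, and the `@cindex Go` entry on the next line already covers the "Why GoVPN is written on Go?" item, so drop `Why Go`. Two further points on the context lines of that same hunk, since this commit touches every item in it: the SSH answer concedes that newer versions "supports even ChaCha20-Poly1305", but the TLS answer still states flatly "It uses Authenticate-then-Encrypt ordering of algorithms -- it is not secure", which is only true of the legacy CBC cipher suites; TLS 1.2 AEAD suites (AES-GCM, ChaCha20-Poly1305) and TLS 1.3 do not use MAC-then-encrypt, so the TLS item should carry the same qualification as the SSH item or the FAQ argues against itself. Finally, the question wording could be fixed in the same pass: "Why do not you use TLS?" reads naturally as "Why don't you use TLS?", "It is complicated protocol" needs an article, and "written on Go" should be "written in Go".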
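Review bot: the hunks `@@ -38,12 +45,17 @@` and `@@ -55,10 +67,18 @@` add near-duplicate index pairs: `Windows` / `Microsoft Windows`, `OS X` / `Apple OS X`, `Censorship resistance` / `Censorship resistant`, `DPI resistance` / `DPI resistant`. makeinfo sorts entries by their text, so each pair yields two index lines for the same location, with the `Microsoft` and `Apple` variants landing under M and A far from the bare names, and the adjectival forms adding nothing a reader would search for. Keep one canonical noun form per concept (`Windows`, `OS X`, `Censorship resistance`, `DPI resistance`, plus the bare `DPI` and `Censorship` if wanted) and drop the rest; a second entry is only worth it when a reader would genuinely start from a different first word, as with the `FAQ` / `Frequently Asked Questions` pair in the first hunk. While there, the context line "Unability to distinguish either is it GoVPN-traffic is passing by" should read "Inability to distinguish whether GoVPN traffic is passing by".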
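Review bot: the last hunk (`@@ -83,6 +103,7 @@`) indexes the "Can I DoS (denial of service) the daemon?" item only as `@cindex DoS`; the item itself spells out "denial of service", and a reader is at least as likely to look under D for that as for the abbreviation. Add `@cindex Denial of service` next to `@cindex DoS`, which is the same abbreviation-plus-expansion pattern the first hunk uses for `FAQ` / `Frequently Asked Questions`.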