@item
Опциональный @ref{Encless, нешифрованный режим}: функции шифрования не
применяются для исходящего трафика, вместо них кодирование всё-равно
-обеспечивающее конфиденциальность. Юрисдикции и суды не смогут вас
+обеспечивающее конфиденциальность. Юрисдикции и суды не могут вас
вынудить выдать ключи шифрования или привлечь за использование
шифрования.
@item
статистики} о подключённых клиентах в режиме реального времени в
@url{http://json.org/, JSON} формате.
@item
-Написан на языке @url{http://golang.org/, Go} с простым кодом,
+Написан на языке @url{https://golang.org/, Go} с простым кодом,
ориентированным на лёгкость чтения и анализа.
@item
Поддержка @url{https://www.gnu.org/, GNU}/Linux и
-@url{http://www.freebsd.org/, FreeBSD}.
+@url{https://www.freebsd.org/, FreeBSD}.
@end itemize
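Review bot: the JSON link in the context line just above the Go change still reads @url{http://json.org/, JSON}, while golang.org and freebsd.org in the same list are moved to https. If json.org serves https, switch it in this patch as well so the list does not mix schemes.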
@item
Optional @ref{Encless, encryptionless mode} of operation: no encryption
functions are applied for outgoing traffic, but still confidentiality
-preserving encoding. Jurisdictions and courts can force you to reveal
-encryption keys or sue for encryption usage.
+preserving encoding. Jurisdictions and courts can not either force you
+to reveal encryption keys or sue for encryption usage.
@item
Censorship resistant handshake and transport messages: fully
-indistinguishable from the noise with optionally hidden packets lengths.
+indistinguishable from the noise with optionally hidden packets length.
@item
@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
property.
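Review bot: the new wording "can not either force you to reveal encryption keys or sue for encryption usage" fixes the missing negation but is hard to parse. Suggest "can neither force you to reveal encryption keys nor sue you for encryption usage". In the handshake item, "optionally hidden packets length" would read better as "optionally hidden packet lengths".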
@ref{Stats, statistics} information about known connected peers in
@url{http://json.org/, JSON} format.
@item
-Written on @url{http://golang.org/, Go} programming language with
+Written on @url{https://golang.org/, Go} programming language with
simple code that can be read and reviewed.
@item
@url{https://www.gnu.org/, GNU}/Linux and
-@url{http://www.freebsd.org/, FreeBSD} support.
+@url{https://www.freebsd.org/, FreeBSD} support.
@end itemize
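Review bot: the changed line still says "Written on ... Go programming language". Since the line is being touched for the URL anyway, correct it to "Written in the Go programming language".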
@table @asis
@item Nonce and identity encryption
- @url{http://143.53.36.235:8080/tea.htm, XTEA}.
+ @url{http://www.cix.co.uk/~klockstone/xtea.pdf, XTEA}.
@item Data encryption
@url{http://cr.yp.to/snuffle.html, Salsa20}.
@item Message authentication
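Review bot: the replacement XTEA reference on the + line is still a plain http URL, as is the cr.yp.to link for Salsa20 two lines below, while other links in this patch are moved to https. For references to cryptographic primitives, use https where the host offers it so readers fetch the specification with transport integrity.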
@url{http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps,
All-Or-Nothing-Transformation} (based on
@url{http://cseweb.ucsd.edu/~mihir/papers/oaep.html, Optimal Asymmetric
-Encryption Padding}) on the data. It is confidentiality preserving
+Encryption Padding}) on the data. This is confidentiality preserving
encoding.
AONT is just a keyless encoding of the data. CnW uses only
signature algorithms. No encryption and steganography involved.
In this mode each outgoing packet became larger on 4128 bytes and
-@ref{Noise, noise} is forcefully enabled. So this is rather resource
-hungry mode!
+@ref{Noise, noise} is forcefully enabled. So this is resource hungry mode!
@strong{Beware}: by default packet serial numbers are still processed
through the XTEA encryption. It is not required for confidentiality and
safely can be disabled, turned off or maybe its keys even can be
revealed without security and forward secrecy loss.
-See @code{src/govpn/cnw} and @code{src/govpn/aont} packages for
-details of AONT and chaffing operations.
+See @code{govpn/cnw} and @code{govpn/aont} packages for details of AONT
+and chaffing operations.
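Review bot: "So this is resource hungry mode!" on the + line is missing an article; suggest "So this is a resource-hungry mode!". The context line above it, "each outgoing packet became larger on 4128 bytes", should read "becomes larger by 4128 bytes" and could be fixed in the same pass. Also confirm that the shortened package paths govpn/cnw and govpn/aont match how the packages are referenced elsewhere in the documentation.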
@item When should I use @ref{Encless, encryptionless mode}?
If you are operating under jurisdiction where courts can either sue you
-for encryption usage or can force you to somehow reveal you encryption
+for encryption usage or force you to somehow reveal you encryption
keys (however new session encryption keys are generated each session).
Those courts can not demand for authentication and signing keys in most
cases. @strong{Do not} let mode's name to confuse you: it still
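Review bot: the reworded + line still contains the typo "reveal you encryption keys"; it should be "reveal your encryption keys". The trailing context "Do not let mode's name to confuse you" would also read better as "Do not let the mode's name confuse you".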
@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
-TAP interface. It is per-user configuration. If the program gets bigger
-size packet (including the padding byte), then it will ignore that
-packet. If either @ref{Noise, noise}, or @ref{CPR} are enabled, then all
-outgoing packets are filled up to that MTU value.
+TAP interface. It is per-user configuration. Incoming packets of bigger
+sizes (including the padding byte) will be ignored. If either
+@ref{Noise, noise}, or @ref{CPR} are enabled, then all outgoing packets
+are filled up to that MTU value.
Default MTU equals to 1514 bytes (1500 bytes of Ethernet payload, 14
bytes of Ethernet header).
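Review bot: "Incoming packets of bigger sizes ... will be ignored" loses the direction that the removed text stated. The old sentence was about packets the program gets from the TAP interface; "incoming" can now be read as packets arriving from the remote peer. Suggest "Packets read from the TAP interface that exceed this size (including the padding byte) are ignored".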
@item Release 5.0
@itemize
@item New optional @ref{Encless, encryptionless mode} of operation.
-Technically no encryption functions are used, you can not be forced to
-reveal your encryption keys or sued for encryption usage.
+Technically no encryption functions are applied for outgoing packets, so
+you can not be forced to reveal your encryption keys or sued for
+encryption usage.
@item @ref{MTU}s are configured on per-user basis.
@item Simplified payload padding scheme, saving one byte of data.
@item Ability to specify TAP interface name explicitly without any
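Review bot: the new release note says "no encryption functions are applied for outgoing packets", but the encryptionless-mode text in this same patch warns that packet serial numbers are still processed through XTEA by default. Either qualify the release note (for example "for outgoing packet payload") or point to the Encless node's caveat, so the claim is not read as stronger than what the mode does by default.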
@node Noise
@subsection Noise
-So-called noise is used to hide underlying payload packets lengths.
+So-called noise is used to hide underlying payload packets length.
Without it GoVPN provides confidentiality and authenticity of messages,
but not their timestamps of appearance and sizes.
// (http://cseweb.ucsd.edu/~mihir/papers/oaep.html)
// used there as All-Or-Nothing-Transformation
// (http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps).
-// We do not fix OAEP parts lengths, instead we add hash-based
+// We do not fix OAEP parts length, instead we add hash-based
// checksum like in SAEP+
// (http://crypto.stanford.edu/~dabo/abstracts/saep.html).
//
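Review bot: in the comment, "We do not fix OAEP parts length" now pairs a plural noun with a single length, which reads as if the parts share one length. The removed plural was closer to the meaning; suggest "We do not fix the lengths of the OAEP parts".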