mark the design paper as draft, fix a few bugs

svn:r979
This commit is contained in:
Roger Dingledine 2004-01-08 03:13:37 +00:00
parent 689823f41b
commit e47106745e

@ -43,7 +43,7 @@
% \pdfpageheight=\the\paperheight
%\fi
\title{Tor: The Second-Generation Onion Router}
\title{Tor: The Second-Generation Onion Router\\DRAFT VERSION}
% Putting the 'Private' back in 'Virtual Private Network'
\author{Roger Dingledine \\ The Free Haven Project \\ arma@freehaven.net \and
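Review bot: The draft marker is hard-coded into the new \title line as "\\DRAFT VERSION", so going back to a final build means editing the title text by hand. Consider driving it from a single flag in the preamble (for example a \newif switch that \title consults), so the marker cannot be forgotten or half-removed when the paper is released.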
@ -242,7 +242,7 @@ including {\bf Babel} \cite{babel}, {\bf Mixmaster}
decision, these \emph{high-latency} networks resist strong global
adversaries,
but introduce too much lag for interactive tasks like web browsing,
internet chat, or SSH connections.
Internet chat, or SSH connections.
Tor belongs to the second category: \emph{low-latency} designs that
try to anonymize interactive network traffic. These systems handle
@ -560,9 +560,9 @@ the connection with perfect forward secrecy, and prevents an attacker
from modifying data on the wire or impersonating an OR.
Traffic passes along these connections in fixed-size cells. Each cell
is 256 bytes (but see Section~\ref{sec:conclusion} for a discussion of
allowing large cells and small cells on the same network), and
consists of a header and a payload. The header includes a circuit
is 512 bytes, %(but see Section~\ref{sec:conclusion} for a discussion of
%allowing large cells and small cells on the same network),
and consists of a header and a payload. The header includes a circuit
identifier (circID) that specifies which circuit the cell refers to
(many circuits can be multiplexed over the single TLS connection), and
a command to describe what to do with the cell's payload. (Circuit
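Review bot: In the cell-size sentence, the parenthetical is disabled with mid-sentence "%" comments rather than removed, so the sentence now only reads correctly as long as the line breaks stay exactly where they are; re-wrapping the paragraph would either revive the commented text or swallow "and consists of a header and a payload". Either delete the parenthetical outright or restore it. Separately, 256 to 512 bytes is a change to a design parameter rather than a typo fix, so it deserves a mention in the commit message, and any figure elsewhere in the paper that was derived from the 256-byte cell should be rechecked against the new size.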
@ -717,7 +717,7 @@ will it have a meaningful value.\footnote{
% Assuming 4-hop circuits with 10 streams per hop, there are 33
% possible bad streamIDs before the last circuit. This still
% gives an error only once every 2 million terabytes (approx).
With 56 bits of streamID per cell, the probability of an accidental
With 48 bits of streamID per cell, the probability of an accidental
collision is far lower than the chance of hardware failure.}
This \emph{leaky pipe} circuit topology
allows Alice's streams to exit at different ORs on a single circuit.
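Review bot: The footnote now says 48 bits of streamID, but the commented-out estimate directly above it ("an error only once every 2 million terabytes (approx)") is left untouched. That figure depends on both the streamID width and the cell size, and this commit changes both, so the number should be recomputed or the comment dropped. The visible claim that a collision is "far lower than the chance of hardware failure" rests on that estimate, so it is worth confirming it still holds with 8 fewer bits.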
@ -1092,7 +1092,7 @@ and diversity of that system's users, and thereby reduce the anonymity
of the system itself. Like usability, public perception is a
security parameter. Sadly, preventing abuse of open exit nodes is an
unsolved problem, and will probably remain an arms race for the
forseeable future. The abuse problems faced by Princeton's CoDeeN
foreseeable future. The abuse problems faced by Princeton's CoDeeN
project \cite{darkside} give us a glimpse of likely issues.
\SubSection{Directory Servers}
@ -1732,7 +1732,7 @@ approaches, but more deployment experience will be helpful in learning
the relative importance of these bottlenecks.
\emph{Bandwidth classes:} This paper assumes that all ORs have
good bandwidth and latency. We should instead adopt the Morphmix model,
good bandwidth and latency. We should instead adopt the MorphMix model,
where nodes advertise their bandwidth level (DSL, T1, T3), and
Alice avoids bottlenecks by choosing nodes that match or
exceed her bandwidth. In this way DSL users can usefully join the Tor
@ -1807,7 +1807,7 @@ our overall usability.
Matej Pfajfar, Andrei Serjantov, Marc Rennhard: for design discussions.
Bram Cohen for congestion control discussions.
Adam Back for suggesting telescoping circuits.
Cathy Meadows for formal analysis of the extend protocol.
Cathy Meadows for formal analysis of the \emph{extend} protocol.
This work supported by ONR and DARPA.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%