aboutsummaryrefslogtreecommitdiff
path: root/doc/chapters
diff options
context:
space:
mode:
authorng0 <ng0@infotropique.org>2017-10-20 15:29:28 +0000
committerng0 <ng0@infotropique.org>2017-10-20 15:29:28 +0000
commit9b9a2c8b892d62d62d0995a5a792f83e6c67c186 (patch)
treece507ef0bfff4bc2b4cbdbebd3d068e7a3e20425 /doc/chapters
parentf7f3f929cc68050880003f3a2a1838910c39e7a3 (diff)
downloadgnunet-9b9a2c8b892d62d62d0995a5a792f83e6c67c186.tar.gz
gnunet-9b9a2c8b892d62d62d0995a5a792f83e6c67c186.zip
linelength adjustments in 'philosophy'
Diffstat (limited to 'doc/chapters')
-rw-r--r--doc/chapters/philosophy.texi283
1 files changed, 162 insertions, 121 deletions
diff --git a/doc/chapters/philosophy.texi b/doc/chapters/philosophy.texi
index d2d1f9289..c4572e6df 100644
--- a/doc/chapters/philosophy.texi
+++ b/doc/chapters/philosophy.texi
@@ -1,4 +1,3 @@
1@c ***************************************************************************
2@node Philosophy 1@node Philosophy
3@chapter Philosophy 2@chapter Philosophy
4 3
@@ -23,7 +22,7 @@ generation of decentralized Internet protocols.
23@end menu 22@end menu
24 23
25 24
26@c *************************************************************************** 25@cindex Design Goals
27@node Design Goals 26@node Design Goals
28@section Design Goals 27@section Design Goals
29 28
@@ -31,85 +30,100 @@ These are the core GNUnet design goals, in order of relative importance:
31 30
32@itemize 31@itemize
33@item GNUnet must be implemented as free software. 32@item GNUnet must be implemented as free software.
34@item GNUnet must only disclose the minimal amount of information necessary. 33@item GNUnet must only disclose the minimal amount of information
35@item GNUnet must be decentralised and survive Byzantine failures in any position in the network. 34necessary.
36@item GNUnet must make it explicit to the user which entities must be trustworthy when establishing secured communications. 35@item GNUnet must be decentralised and survive Byzantine failures in any
37@item GNUnet must use compartmentalization to protect sensitive information. 36position in the network.
37@item GNUnet must make it explicit to the user which entities must be
38trustworthy when establishing secured communications.
39@item GNUnet must use compartmentalization to protect sensitive
40information.
38@item GNUnet must be open and permit new peers to join. 41@item GNUnet must be open and permit new peers to join.
39@item GNUnet must be self-organizing and not depend on administrators. 42@item GNUnet must be self-organizing and not depend on administrators.
40@item GNUnet must support a diverse range of applications and devices. 43@item GNUnet must support a diverse range of applications and devices.
41@item The GNUnet architecture must be cost effective. 44@item The GNUnet architecture must be cost effective.
42@item GNUnet must provide incentives for peers to contribute more resources than they consume. 45@item GNUnet must provide incentives for peers to contribute more
46resources than they consume.
43@end itemize 47@end itemize
44 48
45 49
50@cindex Security and Privacy
46@node Security & Privacy 51@node Security & Privacy
47@section Security & Privacy 52@section Security & Privacy
48 53
49GNUnet's primary design goals are to protect the privacy of its users and to 54GNUnet's primary design goals are to protect the privacy of its users and
50guard itself against attacks or abuse. GNUnet does not have any mechanisms 55to guard itself against attacks or abuse.
51to control, track or censor users. Instead, the GNUnet protocols aim to make 56GNUnet does not have any mechanisms to control, track or censor users.
52it as hard as possible to find out what is happening on the network or to 57Instead, the GNUnet protocols aim to make it as hard as possible to
53disrupt operations. 58find out what is happening on the network or to disrupt operations.
54 59
60@cindex Versatility
55@node Versatility 61@node Versatility
56@section Versatility 62@section Versatility
57 63
58We call GNUnet a peer-to-peer framework because we want to support many 64We call GNUnet a peer-to-peer framework because we want to support many
59different forms of peer-to-peer applications. GNUnet uses a plugin 65different forms of peer-to-peer applications. GNUnet uses a plugin
60architecture to make the system extensible and to encourage code reuse. 66architecture to make the system extensible and to encourage code reuse.
61While the first versions of the system only supported anonymous file-sharing, 67While the first versions of the system only supported anonymous
62other applications are being worked on and more will hopefully follow in the 68file-sharing, other applications are being worked on and more will
63future. A powerful synergy regarding anonymity services is created by a large 69hopefully follow in the future.
70A powerful synergy regarding anonymity services is created by a large
64community utilizing many diverse applications over the same software 71community utilizing many diverse applications over the same software
65infrastructure. The reason is that link encryption hides the specifics 72infrastructure. The reason is that link encryption hides the specifics
66of the traffic for non-participating observers. This way, anonymity can 73of the traffic for non-participating observers. This way, anonymity can
67get stronger with additional (GNUnet) traffic, even if the additional 74get stronger with additional (GNUnet) traffic, even if the additional
68traffic is not related to anonymous communication. Increasing anonymity is 75traffic is not related to anonymous communication. Increasing anonymity is
69the primary reason why GNUnet is developed to become a peer-to-peer 76the primary reason why GNUnet is developed to become a peer-to-peer
70framework where many applications share the lower layers of an increasingly 77framework where many applications share the lower layers of an
71complex protocol stack. If merging traffic to hinder traffic analysis was 78increasingly complex protocol stack.
72not important, we could have just developed a dozen stand-alone applications 79If merging traffic to hinder traffic analysis was not important,
80we could have just developed a dozen stand-alone applications
73and a few shared libraries. 81and a few shared libraries.
74 82
83@cindex Practicality
75@node Practicality 84@node Practicality
76@section Practicality 85@section Practicality
77 86
78GNUnet allows participants to trade various amounts of security in exchange 87GNUnet allows participants to trade various amounts of security in
79for increased efficiency. However, it is not possible for any user's security 88exchange for increased efficiency. However, it is not possible for any
80and efficiency requirements to compromise the security and efficiency of 89user's security and efficiency requirements to compromise the security
81any other user. 90and efficiency of any other user.
82 91
83For GNUnet, efficiency is not paramount. If there is a more secure and still 92For GNUnet, efficiency is not paramount. If there is a more secure and
84practical approach, we would choose to take the more secure alternative. 93still practical approach, we would choose to take the more secure
85@command{telnet} is more efficient than @command{ssh}, yet it is obsolete. 94alternative. @command{telnet} is more efficient than @command{ssh}, yet
95it is obsolete.
86Hardware gets faster, and code can be optimized. Fixing security issues as 96Hardware gets faster, and code can be optimized. Fixing security issues as
87an afterthought is much harder. 97an afterthought is much harder.
88 98
89While security is paramount, practicability is still a requirement. The most 99While security is paramount, practicability is still a requirement.
90secure system is always the one that nobody can use. Similarly, any 100The most secure system is always the one that nobody can use.
91anonymous system that is extremely inefficient will only find few users. 101Similarly, any anonymous system that is extremely inefficient will only
102find few users.
92However, good anonymity requires a large and diverse user base. Since 103However, good anonymity requires a large and diverse user base. Since
93individual security requirements may vary, the only good solution here is to 104individual security requirements may vary, the only good solution here is
94allow individuals to trade-off security and efficiency. The primary challenge 105to allow individuals to trade-off security and efficiency.
95in allowing this is to ensure that the economic incentives work properly. 106The primary challenge in allowing this is to ensure that the economic
107incentives work properly.
96In particular, this means that it must be impossible for a user to gain 108In particular, this means that it must be impossible for a user to gain
97security at the expense of other users. Many designs (e.g. anonymity via 109security at the expense of other users. Many designs (e.g. anonymity via
98broadcast) fail to give users an incentive to choose a less secure but more 110broadcast) fail to give users an incentive to choose a less secure but
99efficient mode of operation. GNUnet should avoid where ever possible to 111more efficient mode of operation.
100rely on protocols that will only work if the participants are benevolent. 112GNUnet should avoid where ever possible to rely on protocols that will
113only work if the participants are benevolent.
101While some designs have had widespread success while relying on parties 114While some designs have had widespread success while relying on parties
102to observe a protocol that may be sub-optimal for the individuals (e.g. 115to observe a protocol that may be sub-optimal for the individuals (e.g.
103TCP Nagle), a protocol that ensures that individual goals never conflict 116TCP Nagle), a protocol that ensures that individual goals never conflict
104with the goals of the group is always preferable. 117with the goals of the group is always preferable.
105 118
119@cindex Key Concepts
106@node Key Concepts 120@node Key Concepts
107@section Key Concepts 121@section Key Concepts
108 122
109In this section, the fundamental concepts of GNUnet are explained. Most of 123In this section, the fundamental concepts of GNUnet are explained.
110them are also described in our research papers. First, some of the concepts 124Most of them are also described in our research papers.
111used in the GNUnet framework are detailed. The second part describes concepts 125First, some of the concepts used in the GNUnet framework are detailed.
112specific to anonymous file-sharing. 126The second part describes concepts specific to anonymous file-sharing.
113 127
114@menu 128@menu
115* Authentication:: 129* Authentication::
@@ -122,6 +136,7 @@ specific to anonymous file-sharing.
122* Egos:: 136* Egos::
123@end menu 137@end menu
124 138
139@cindex Authentication
125@node Authentication 140@node Authentication
126@subsection Authentication 141@subsection Authentication
127 142
@@ -148,64 +163,75 @@ IP protocol at all (by running directly on layer 2).
148GNUnet uses a special type of message to communicate a binding between 163GNUnet uses a special type of message to communicate a binding between
149public (ECC) keys to their current network address. These messages are 164public (ECC) keys to their current network address. These messages are
150commonly called HELLOs or peer advertisements. They contain the public key 165commonly called HELLOs or peer advertisements. They contain the public key
151of the peer and its current network addresses for various transport services. 166of the peer and its current network addresses for various transport
167services.
152A transport service is a special kind of shared library that 168A transport service is a special kind of shared library that
153provides (possibly unreliable, out-of-order) message delivery between peers. 169provides (possibly unreliable, out-of-order) message delivery between
154For the UDP and TCP transport services, a network address is an IP and a port. 170peers.
171For the UDP and TCP transport services, a network address is an IP and a
172port.
155GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use 173GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
156various other forms of addresses. Note that any node can have many different 174various other forms of addresses. Note that any node can have many
175different
157active transport services at the same time, and each of these can have a 176active transport services at the same time, and each of these can have a
158different addresses. Binding messages expire after at most a week (the 177different addresses. Binding messages expire after at most a week (the
159timeout can be shorter if the user configures the node appropriately). This 178timeout can be shorter if the user configures the node appropriately).
160expiration ensures that the network will eventually get rid of outdated 179This expiration ensures that the network will eventually get rid of
161advertisements. 180outdated advertisements.@footnote{More details can be found in
162@footnote{More details can be found in @uref{https://gnunet.org/transports, A Transport Layer Abstraction for Peer-to-Peer Networks}} 181@uref{https://gnunet.org/transports, A Transport Layer Abstraction for
182Peer-to-Peer Networks}}
163 183
184@cindex Resource Sharing
164@node Accounting to Encourage Resource Sharing 185@node Accounting to Encourage Resource Sharing
165@subsection Accounting to Encourage Resource Sharing 186@subsection Accounting to Encourage Resource Sharing
166 187
167Most distributed P2P networks suffer from a lack of defenses or precautions 188Most distributed P2P networks suffer from a lack of defenses or
168against attacks in the form of freeloading. While the intentions of an 189precautions against attacks in the form of freeloading.
169attacker and a freeloader are different, their effect on the network is the 190While the intentions of an attacker and a freeloader are different, their
170same; they both render it useless. Most simple attacks on networks such as 191effect on the network is the same; they both render it useless.
171Gnutella involve flooding the network with traffic, particularly with 192Most simple attacks on networks such as Gnutella involve flooding the
172queries that are, in the worst case, multiplied by the network. 193network with traffic, particularly with queries that are, in the worst
194case, multiplied by the network.
173 195
174In order to ensure that freeloaders or attackers have a minimal impact on the 196In order to ensure that freeloaders or attackers have a minimal impact on
175network, GNUnet's file-sharing implementation tries to distinguish 197the network, GNUnet's file-sharing implementation tries to distinguish
176good (contributing) nodes from malicious (freeloading) nodes. In GNUnet, 198good (contributing) nodes from malicious (freeloading) nodes. In GNUnet,
177every file-sharing node keeps track of the behavior of every other node it 199every file-sharing node keeps track of the behavior of every other node it
178has been in contact with. Many requests (depending on the application) are 200has been in contact with. Many requests (depending on the application) are
179transmitted with a priority (or importance) level. That priority is used to 201transmitted with a priority (or importance) level. That priority is used
180establish how important the sender believes this request is. If a peer 202to establish how important the sender believes this request is. If a peer
181responds to an important request, the recipient will increase its trust in the 203responds to an important request, the recipient will increase its trust in
182responder: the responder contributed resources. If a peer is too busy to 204the responder: the responder contributed resources. If a peer is too busy
183answer all requests, it needs to prioritize. For that, peers to not take the 205to answer all requests, it needs to prioritize. For that, peers to not
184priorities of the requests received at face value. First, they check how much 206take the priorities of the requests received at face value.
185they trust the sender, and depending on that amount of trust they assign the 207First, they check how much they trust the sender, and depending on that
186request a (possibly lower) effective priority. Then, they drop the requests 208amount of trust they assign the request a (possibly lower) effective
187with the lowest effective priority to satisfy their resource constraints. This 209priority. Then, they drop the requests with the lowest effective priority
188way, GNUnet's economic model ensures that nodes that are not currently 210to satisfy their resource constraints. This way, GNUnet's economic model
189considered to have a surplus in contributions will not be served if the 211ensures that nodes that are not currently considered to have a surplus in
190network load is high. 212contributions will not be served if the network load is high.@footnote{Mor
191@footnote{More details can be found in @uref{https://gnunet.org/ebe, this paper}} 213e details can be found in @uref{https://gnunet.org/ebe, this paper}}
192 214
215@cindex Confidentiality
193@node Confidentiality 216@node Confidentiality
194@subsection Confidentiality 217@subsection Confidentiality
195 218
196Adversaries outside of GNUnet are not supposed to know what kind of actions a 219Adversaries outside of GNUnet are not supposed to know what kind of
197peer is involved in. Only the specific neighbor of a peer that is the 220actions a peer is involved in. Only the specific neighbor of a peer that
198corresponding sender or recipient of a message may know its contents, and even 221is the corresponding sender or recipient of a message may know its
199then application protocols may place further restrictions on that knowledge. 222contents, and even then application protocols may place further
200In order to ensure confidentiality, GNUnet uses link encryption, that is each 223restrictions on that knowledge.
201message exchanged between two peers is encrypted using a pair of keys only 224In order to ensure confidentiality, GNUnet uses link encryption, that is
202known to these two peers. Encrypting traffic like this makes any kind of 225each message exchanged between two peers is encrypted using a pair of
203traffic analysis much harder. Naturally, for some applications, it may still 226keys only known to these two peers.
204be desirable if even neighbors cannot determine the concrete contents of a 227Encrypting traffic like this makes any kind of traffic analysis much
205message. In GNUnet, this problem is addressed by the specific 228harder. Naturally, for some applications, it may still be desirable if
206application-level protocols (see for example, deniability and anonymity in 229even neighbors cannot determine the concrete contents of a message.
207anonymous file sharing). 230In GNUnet, this problem is addressed by the specific application-level
208 231protocols (see for example, deniability and anonymity in anonymous file
232sharing).
233
234@cindex Anonymity
209@node Anonymity 235@node Anonymity
210@subsection Anonymity 236@subsection Anonymity
211 237
@@ -214,14 +240,16 @@ anonymous file sharing).
214@end menu 240@end menu
215 241
216Providing anonymity for users is the central goal for the anonymous 242Providing anonymity for users is the central goal for the anonymous
217file-sharing application. Many other design decisions follow in the footsteps 243file-sharing application. Many other design decisions follow in the
218of this requirement. Anonymity is never absolute. While there are various 244footsteps of this requirement.
245Anonymity is never absolute. While there are various
219@uref{https://gnunet.org/anonymity_metric, scientific metrics} that can 246@uref{https://gnunet.org/anonymity_metric, scientific metrics} that can
220help quantify the level of anonymity that a given mechanism provides, 247help quantify the level of anonymity that a given mechanism provides,
221there is no such thing as complete anonymity. 248there is no such thing as complete anonymity.
222GNUnet's file-sharing implementation allows users to select for each 249GNUnet's file-sharing implementation allows users to select for each
223operation (publish, search, download) the desired level of anonymity. 250operation (publish, search, download) the desired level of anonymity.
224The metric used is the amount of cover traffic available to hide the request. 251The metric used is the amount of cover traffic available to hide the
252request.
225While this metric is not as good as, for example, the theoretical metric 253While this metric is not as good as, for example, the theoretical metric
226given in @uref{https://gnunet.org/anonymity_metric, scientific metrics}, 254given in @uref{https://gnunet.org/anonymity_metric, scientific metrics},
227it is probably the best metric available to a peer with a purely local 255it is probably the best metric available to a peer with a purely local
@@ -236,10 +264,12 @@ allows GNUnet to use more efficient, non-anonymous routing.
236 264
237Contrary to other designs, we do not believe that users achieve strong 265Contrary to other designs, we do not believe that users achieve strong
238anonymity just because their requests are obfuscated by a couple of 266anonymity just because their requests are obfuscated by a couple of
239indirections. This is not sufficient if the adversary uses traffic analysis. 267indirections. This is not sufficient if the adversary uses traffic
240The threat model used for anonymous file sharing in GNUnet assumes that the 268analysis.
241adversary is quite powerful. In particular, we assume that the adversary can 269The threat model used for anonymous file sharing in GNUnet assumes that
242see all the traffic on the Internet. And while we assume that the adversary 270the adversary is quite powerful.
271In particular, we assume that the adversary can see all the traffic on
272the Internet. And while we assume that the adversary
243can not break our encryption, we assume that the adversary has many 273can not break our encryption, we assume that the adversary has many
244participating nodes in the network and that it can thus see many of the 274participating nodes in the network and that it can thus see many of the
245node-to-node interactions since it controls some of the nodes. 275node-to-node interactions since it controls some of the nodes.
@@ -251,25 +281,29 @@ Hiding actions in the traffic of other users requires participating in the
251traffic, bringing back the traditional technique of using indirection and 281traffic, bringing back the traditional technique of using indirection and
252source rewriting. Source rewriting is required to gain anonymity since 282source rewriting. Source rewriting is required to gain anonymity since
253otherwise an adversary could tell if a message originated from a host by 283otherwise an adversary could tell if a message originated from a host by
254looking at the source address. If all packets look like they originate from 284looking at the source address. If all packets look like they originate
255a node, the adversary can not tell which ones originate from that node and 285from a node, the adversary can not tell which ones originate from that
256which ones were routed. Note that in this mindset, any node can decide to 286node and which ones were routed.
257break the source-rewriting paradigm without violating the protocol, as this 287Note that in this mindset, any node can decide to break the
258only reduces the amount of traffic that a node can hide its own traffic in. 288source-rewriting paradigm without violating the protocol, as this
289only reduces the amount of traffic that a node can hide its own traffic
290in.
259 291
260If we want to hide our actions in the traffic of other nodes, we must make 292If we want to hide our actions in the traffic of other nodes, we must make
261our traffic indistinguishable from the traffic that we route for others. As 293our traffic indistinguishable from the traffic that we route for others.
262our queries must have us as the receiver of the reply (otherwise they would 294As our queries must have us as the receiver of the reply
263be useless), we must put ourselves as the receiver of replies that actually 295(otherwise they would be useless), we must put ourselves as the receiver
264go to other hosts; in other words, we must indirect replies. Unlike other 296of replies that actually go to other hosts; in other words, we must
265systems, in anonymous file-sharing as implemented on top of GNUnet we do not 297indirect replies.
266have to indirect the replies if we don't think we need more traffic to hide 298Unlike other systems, in anonymous file-sharing as implemented on top of
267our own actions. 299GNUnet we do not have to indirect the replies if we don't think we need
300more traffic to hide our own actions.
268 301
269This increases the efficiency of the network as we can indirect less under 302This increases the efficiency of the network as we can indirect less under
270higher load. 303higher load.@footnote{More details can be found in @uref{https://gnunet.
271@footnote{More details can be found in @uref{https://gnunet.org/gap, this paper}} 304org/gap, this paper}}
272 305
306@cindex Deniability
273@node Deniability 307@node Deniability
274@subsection Deniability 308@subsection Deniability
275 309
@@ -279,49 +313,56 @@ intermediaries can find out which queries or which content they are
279processing, a strong adversary could try to force them to censor 313processing, a strong adversary could try to force them to censor
280certain materials. 314certain materials.
281 315
282With the file-encoding used by GNUnet's anonymous file-sharing, this problem 316With the file-encoding used by GNUnet's anonymous file-sharing, this
283does not arise. The reason is that queries and replies are transmitted in 317problem does not arise.
318The reason is that queries and replies are transmitted in
284an encrypted format such that intermediaries cannot tell what the query 319an encrypted format such that intermediaries cannot tell what the query
285is for or what the content is about. Mind that this is not the same 320is for or what the content is about. Mind that this is not the same
286encryption as the link-encryption between the nodes. GNUnet has 321encryption as the link-encryption between the nodes. GNUnet has
287encryption on the network layer (link encryption, confidentiality, 322encryption on the network layer (link encryption, confidentiality,
288authentication) and again on the application layer (provided 323authentication) and again on the application layer (provided
289by @command{gnunet-publish}, @command{gnunet-download}, @command{gnunet-search} 324by @command{gnunet-publish}, @command{gnunet-download},
290and @command{gnunet-gtk}). 325@command{gnunet-search} and @command{gnunet-gtk}).@footnote{More details
291@footnote{More details can be found @uref{https://gnunet.org/encoding, here}} 326can be found @uref{https://gnunet.org/encoding, here}}
292 327
328@cindex Peer Identities
293@node Peer Identities 329@node Peer Identities
294@subsection Peer Identities 330@subsection Peer Identities
295 331
296Peer identities are used to identify peers in the network and are unique for 332Peer identities are used to identify peers in the network and are unique
297each peer. The identity for a peer is simply its public key, which is 333for each peer. The identity for a peer is simply its public key, which is
298generated along with a private key the peer is started for the first time. 334generated along with a private key the peer is started for the first time.
299While the identity is binary data, it is often expressed as ASCII string. 335While the identity is binary data, it is often expressed as ASCII string.
300For example, the following is a peer identity as you might see it in 336For example, the following is a peer identity as you might see it in
301various places: @code{ UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0} 337various places:
338@code{ UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0}
302 339
303You can find your peer identity by running @command{gnunet-peerinfo -s}. 340You can find your peer identity by running @command{gnunet-peerinfo -s}.
304 341
342@cindex GNS Zones
305@node Zones in the GNU Name System (GNS Zones) 343@node Zones in the GNU Name System (GNS Zones)
306@subsection Zones in the GNU Name System (GNS Zones) 344@subsection Zones in the GNU Name System (GNS Zones)
307 345
308GNS zones are similar to those of DNS zones, but instead of a hierarchy of 346GNS zones are similar to those of DNS zones, but instead of a hierarchy of
309authorities to governing their use, GNS zones are controlled by a private key. 347authorities to governing their use, GNS zones are controlled by a private
348key.
310When you create a record in a DNS zone, that information stored in your 349When you create a record in a DNS zone, that information stored in your
311nameserver. Anyone trying to resolve your domain then gets pointed (hopefully) 350nameserver. Anyone trying to resolve your domain then gets pointed
312by the centralised authority to your nameserver. Whereas GNS, being 351(hopefully) by the centralised authority to your nameserver.
313decentralised by design, stores that information in DHT. The validity of the 352Whereas GNS, being decentralised by design, stores that information in
314records is assured cryptographically, by signing them with the private key of 353DHT. The validity of the records is assured cryptographically, by
315the respective zone. 354signing them with the private key of the respective zone.
316 355
317Anyone trying to resolve records in a zone your domain can then verify the 356Anyone trying to resolve records in a zone your domain can then verify the
318signature on the records they get from the DHT and be assured that they are 357signature on the records they get from the DHT and be assured that they
319indeed from the respective zone. To make this work, there is a 1:1 358are indeed from the respective zone. To make this work, there is a 1:1
320correspondence between zones and their public-private key pairs. So when we 359correspondence between zones and their public-private key pairs.
321talk about the owner of a GNS zone, that's really the owner of the private 360So when we talk about the owner of a GNS zone, that's really the owner of
322key. And a user accessing a zone needs to somehow specify the corresponding 361the private key.
362And a user accessing a zone needs to somehow specify the corresponding
323public key first. 363public key first.
324 364
365@cindex Egos
325@node Egos 366@node Egos
326@subsection Egos 367@subsection Egos
327 368