diff options
Diffstat (limited to 'doc/documentation/chapters/philosophy.texi')
-rw-r--r-- | doc/documentation/chapters/philosophy.texi | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi index c8e2651c3..681d5acc3 100644 --- a/doc/documentation/chapters/philosophy.texi +++ b/doc/documentation/chapters/philosophy.texi | |||
@@ -47,7 +47,9 @@ Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/ | |||
47 | @item GNUnet must only disclose the minimal amount of information | 47 | @item GNUnet must only disclose the minimal amount of information |
48 | necessary. | 48 | necessary. |
49 | @c TODO: Explain 'fully' in the terminology section. | 49 | @c TODO: Explain 'fully' in the terminology section. |
50 | @item GNUnet must be fully distributed and survive Byzantine failures | 50 | @item GNUnet must be fully distributed and survive |
51 | @uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, Byzantine failures} | ||
52 | @footnote{@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, https://en.wikipedia.org/wiki/Byzantine_fault_tolerance}} | ||
51 | at any position in the network. | 53 | at any position in the network. |
52 | @item GNUnet must make it explicit to the user which entities are | 54 | @item GNUnet must make it explicit to the user which entities are |
53 | considered to be trustworthy when establishing secured communications. | 55 | considered to be trustworthy when establishing secured communications. |
@@ -163,7 +165,7 @@ DH (Diffie---Hellman) key exchange using ephemeral eliptic curve | |||
163 | cryptography. The ephemeral ECC (Eliptic Curve Cryptography) keys are | 165 | cryptography. The ephemeral ECC (Eliptic Curve Cryptography) keys are |
164 | signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}). | 166 | signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}). |
165 | The shared secret from ECDHE is used to create a pair of session keys | 167 | The shared secret from ECDHE is used to create a pair of session keys |
166 | @c FIXME: LOng word for HKDF | 168 | @c FIXME: LOng word for HKDF. More FIXMEs: Explain MITM etc. |
167 | (using HKDF) which are then used to encrypt the communication between the | 169 | (using HKDF) which are then used to encrypt the communication between the |
168 | two peers using both 256-bit AES (Advanced Encryption Standard) | 170 | two peers using both 256-bit AES (Advanced Encryption Standard) |
169 | and 256-bit Twofish (with independently derived secret keys). | 171 | and 256-bit Twofish (with independently derived secret keys). |
@@ -173,8 +175,6 @@ without requiring signatures each time. GNUnet uses SHA-512 | |||
173 | (Secure Hash Algorithm) hash codes to verify the integrity of messages. | 175 | (Secure Hash Algorithm) hash codes to verify the integrity of messages. |
174 | 176 | ||
175 | In GNUnet, the identity of a host is its public key. For that reason, | 177 | In GNUnet, the identity of a host is its public key. For that reason, |
176 | @c FIXME: is it clear to the average reader what a man-in-the-middle | ||
177 | @c attack is? | ||
178 | man-in-the-middle attacks will not break the authentication or accounting | 178 | man-in-the-middle attacks will not break the authentication or accounting |
179 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with | 179 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with |
180 | the identity of the host. As the public key is the only thing that truly | 180 | the identity of the host. As the public key is the only thing that truly |
@@ -420,8 +420,9 @@ public key first. | |||
420 | @node Egos | 420 | @node Egos |
421 | @subsection Egos | 421 | @subsection Egos |
422 | 422 | ||
423 | @c what is the difference between peer identity and egos? It seems | ||
424 | @c like both are linked to public-private key pair. | ||
423 | Egos are your "identities" in GNUnet. Any user can assume multiple | 425 | Egos are your "identities" in GNUnet. Any user can assume multiple |
424 | identities, for example to separate their activities online. Egos can | 426 | identities, for example to separate their activities online. Egos can |
425 | correspond to pseudonyms or real-world identities. Technically, an | 427 | correspond to pseudonyms or real-world identities. Technically, an |
426 | ego is first of all a public-private key pair. | 428 | ego is first of all a public-private key pair. |
427 | |||