5 files changed, 464 insertions, 134 deletions
diff --git a/doc/documentation/chapters/contributing.texi b/doc/documentation/chapters/contributing.texi
index 745acca77..a92df45c3 100644
--- a/doc/documentation/chapters/contributing.texi
+++ b/doc/documentation/chapters/contributing.texi
@@ -6,17 +6,20 @@
 * Licenses of contributions::
 * Copyright Assignment::
 * Contributing to the Reference Manual::
+* Contributing testcases::
 @end menu
 @node Contributing to GNUnet
 @section Contributing to GNUnet
+@cindex licenses
+@cindex licenses of contributions
 @node Licenses of contributions
 @section Licenses of contributions
 GNUnet is a @uref{https://www.gnu.org/, GNU} package.
 All code contributions must thus be put under the
-@uref{https://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}.
+@uref{https://www.gnu.org/licenses/agpl.html, GNU Affero Public License (AGPL)}.
 All documentation should be put under FSF approved licenses
 (see @uref{https://www.gnu.org/copyleft/fdl.html, fdl}).
@@ -40,7 +43,7 @@ rights, and in particular is allowed to dual-license the code. You
 retain non-exclusive rights to your contributions, so you can also
 share your contributions freely with other projects.
-GNUnet e.V. will publish all accepted contributions under the GPLv3
+GNUnet e.V. will publish all accepted contributions under the AGPLv3
 or any later version. The association may decide to publish
 contributions under additional licenses (dual-licensing).
@@ -88,3 +91,21 @@ In a 200+ pages handbook it's better to have footnotes accessible
 without having to skip over to the end.
 @end itemize
+@node Contributing testcases
+@section Contributing testcases
+In the core of gnunet, we restrict new testcases to a small subset
+of languages, in order of preference:
+@enumerate
+@item C
+@item Bash (preferable portable without too much specifics to Bash)
+@item Python (@geq{}3.6)
+@end enumerate
+We welcome efforts to remove our existing python-2.7 scripts to
+replace them either with Bash or, at your choice, python-3.6+.
+If you contribute new python based testcases, we advise you to
+not repeat our past misfortunes and write the tests in a standard
+test framework like for example pytest.
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi
index 1f74a8163..e82e32b59 100644
--- a/doc/documentation/chapters/developer.texi
+++ b/doc/documentation/chapters/developer.texi
@@ -214,9 +214,7 @@ Installation and update tool
 Template for starting 'external' GNUnet projects
 @item @command{gnunet-java}
 Java APIs for writing GNUnet services and applications
-@c ** FIXME: Point to new website repository once we have it:
+@item @command{gnunet-java-ext}
-@c ** @item svn/gnunet-www/ Code and media helping drive the GNUnet
-@c website
 @item @command{eclectic}
 Code to run GNUnet nodes on testbeds for research, development,
 testing and evaluation
@@ -227,6 +225,8 @@ Qt-based GNUnet GUI (is it deprecated?)
 cocoa-based GNUnet GUI (is it deprecated?)
 @item @command{gnunet-guile}
 Guile bindings for GNUnet
+@item @command{gnunet-python}
+Python bindings for GNUnet
 @end table
@@ -246,6 +246,13 @@ Tool for automated debugging of distributed systems
 Library for accessing satellite connection quality reports
 @item @command{libgnurl}
 gnURL (feature-restricted variant of cURL/libcurl)
+@item @command{www}
+work in progress of the new gnunet.org website (Jinja2 framework based to
+replace our current Drupal website)
+@item @command{bibliography}
+Our collected bibliography, papers, references, and so forth
+@item @command{gnunet-videos-}
+Videos about and around gnunet activities
 @end table
 Finally, there are various external projects (see links for a list of
diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi
index f5e38fd3d..559a97f96 100644
--- a/doc/documentation/chapters/installation.texi
+++ b/doc/documentation/chapters/installation.texi
@@ -1,22 +1,40 @@
 @node Installing GNUnet
 @chapter Installing GNUnet
-This guide is intended for those who want to install Gnunet from source. For instructions on how to install GNUnet as a binary package please refer to the official documentation of your operating system or package manager.
+This guide is intended for those who want to install Gnunet from
+source. For instructions on how to install GNUnet as a binary package
+please refer to the official documentation of your operating system or
+package manager.
-@node Getting the Source Code
+@menu
+* Installing dependencies::
+* Getting the Source Code::
+* Create @code{gnunet} user and group::
+* Preparing and Compiling the Source Code::
+* Installation::
+* MOVED FROM USER Checking the Installation::
+* MOVED FROM USER The graphical configuration interface::
+* MOVED FROM USER Config Leftovers::
+@end menu
+@c -----------------------------------------------------------------------
+@node Installing dependencies
 @section Installing dependencies
-GNUnet needs few libraries and applications for being able to run and another few optional ones for using certain features. Preferably they should be installed with a package manager. Just in case we include a link to the project websites.
+GNUnet needs few libraries and applications for being able to run and
+another few optional ones for using certain features. Preferably they
+should be installed with a package manager. Just in case we include a
+link to the project websites.
 The mandatory libraries and applications are
 @itemize @bullet
 @item libtool
-@item autoconf >= version 2.59
+@item autoconf @geq{}2.59
-@item automake >= version 1.11.1
+@item automake @geq{}1.11.1
 @item pkg-config
-@item libgcrypt >= version 1.6
+@item libgcrypt @geq{}1.6
 @item libextractor
 @item libidn
-@item libmicrohttpd >= version 0.9.52
+@item libmicrohttpd @geq{}0.9.52
 @item libnss 
 @item libunistring
 @item gettext
@@ -43,30 +61,43 @@ These are the dependencies only required for certain features
 @item libpulse (for running the GNUnet conversation telephony application)
 @item libogg (for running the GNUnet conversation telephony application)
 @item bluez (for bluetooth support)
-@item libpbc (for attribute-based encryption and the identity provider subsystem)
+@item libpbc
-@item libgabe (for attribute-based encryption and the identity provider subsystem)
+(for attribute-based encryption and the identity provider subsystem)
+@item libgabe
+(for attribute-based encryption and the identity provider subsystem)
 @end itemize
+@c -----------------------------------------------------------------------
+@node Getting the Source Code
 @section Getting the Source Code
-You can either download the source code using git (you obviously need git installed) or as an archive.
+You can either download the source code using git (you obviously need
+git installed) or as an archive.
 Using git type
 @example
 git clone https://gnunet.org/git/gnunet.git
 @end example
-The archive can be found at @uref{https://gnunet.org/downloads}. Extract it using a graphical archive tool or @code{tar}:
+The archive can be found at
+@uref{https://gnunet.org/downloads}. Extract it using a graphical
+archive tool or @code{tar}:
 @example
 tar xzvf gnunet-0.11.0pre66.tar.gz
 @end example
-In the next chapter we will assume that the source code is available in the home directory at @code{~/gnunet}.
+In the next chapter we will assume that the source code is available
+in the home directory at @code{~/gnunet}.
+@c -----------------------------------------------------------------------
+@node Create @code{gnunet} user and group
 @section Create @code{gnunet} user and group
-The GNUnet services should be run as a dedicated user called @code{gnunet}. For using them a user should be in the same group as this system user.
+The GNUnet services should be run as a dedicated user called
+@code{gnunet}. For using them a user should be in the same group as
+this system user.
-Create user @code{gnunet} who is member of the group @code{gnunet} and specify a home directory where the GNUnet services will store persistant data such as information about peers.
+Create user @code{gnunet} who is member of the group @code{gnunet} and
+specify a home directory where the GNUnet services will store
+persistant data such as information about peers.
 @example
 $ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet
 @end example
@@ -76,8 +107,13 @@ Now add your own user to the @code{gnunet} group.
 $ sudo adduser alice gnunet
 @end example
+@c -----------------------------------------------------------------------
+@node Preparing and Compiling the Source Code
 @section Preparing and Compiling the Source Code
-For preparing the source code for compilation a bootstrap script and @code{configure} has to be run from the source code directory. When running @code{configure} the following options can be specified to customize the compilation and installation process:
+For preparing the source code for compilation a bootstrap script and
+@code{configure} has to be run from the source code directory. When
+running @code{configure} the following options can be specified to
+customize the compilation and installation process:
 @itemize @bullet
 @item @code{--disable-documentation} - don't build the configuration documents
@@ -91,27 +127,39 @@ For preparing the source code for compilation a bootstrap script and @code{confi
 @item @code{--with-sudo=[PATH]} - path to the sudo binary (no need to run @code{make install} as root if specified)
 @end itemize
-The following example configures the installation prefix @code{/usr/lib} and disables building the documentation
+The following example configures the installation prefix
+@code{/usr/lib} and disables building the documentation
 @example
 $ cd ~/gnunet
 $ ./bootstrap
 $ configure --prefix=/usr/lib --disable-configuration
 @end example
-After running the bootstrap script and @code{configure} successfully the source code can be compiled with make. Here @code{-j5} specifies that 5 threads should be used.
+After running the bootstrap script and @code{configure} successfully
+the source code can be compiled with make. Here @code{-j5} specifies
+that 5 threads should be used.
 @example
 $ make -j5
 @end example
+@c -----------------------------------------------------------------------
+@node Installation
 @section Installation
-The compiled binaries can be installed using @code{make install}. It needs to be run as root (or with sudo) because some binaries need the @code{suid} bit set. Without that some GNUnet subsystems (such as VPN) will not work.
+The compiled binaries can be installed using @code{make install}. It
+needs to be run as root (or with sudo) because some binaries need the
+@code{suid} bit set. Without that some GNUnet subsystems (such as VPN)
+will not work.
 @example
 $ sudo make install
 @end example
-One important library is the GNS plugin for NSS (the name services switch) which allows using GNS (the GNU name system) in the normal DNS resolution process. Unfortunately NSS expects it in a specific location (probably @code{/lib}) which may differ from the installation prefix (see @code{--prefix} option in the previous section). This is why the pugin has to be installed manually.
+One important library is the GNS plugin for NSS (the name services
+switch) which allows using GNS (the GNU name system) in the normal DNS
+resolution process. Unfortunately NSS expects it in a specific
+location (probably @code{/lib}) which may differ from the installation
+prefix (see @code{--prefix} option in the previous section). This is
+why the pugin has to be installed manually.
 Find the directory where nss plugins are installed on your system, e.g.
@@ -129,24 +177,30 @@ Copy the GNS NSS plugin to that directory:
 cp ~/gnunet/src/gns/nss/libnss_gns.so.2 /lib
 @end example
-Now, to activate the plugin, you need to edit your @code{/etc/nsswitch.conf} where you should find a line like this:
+Now, to activate the plugin, you need to edit your
+@code{/etc/nsswitch.conf} where you should find a line like this:
 @example
 hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
-The exact details may differ a bit, which is fine. Add the text @code{"gns [NOTFOUND=return]"} after @code{"files"}. 
+The exact details may differ a bit, which is fine. Add the text
+@code{"gns [NOTFOUND=return]"} after @code{"files"}.
 @example
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
-Optionally, if GNS shall be used with a browser, execute the GNS CA-setup script. It will isetup the GNS Certificate Authority with the user's browser.
+Optionally, if GNS shall be used with a browser, execute the GNS
+CA-setup script. It will isetup the GNS Certificate Authority with the
+user's browser.
 @example
 $ gnunet-gns-proxy-setup-ca
 @end example
-Finally install a configuration file in @code{~/.gnunet/gnunet.conf}. Below you find an example config which allows you to start GNUnet.
+Finally install a configuration file in
+@code{~/.gnunet/gnunet.conf}. Below you find an example config which
+allows you to start GNUnet.
 @example
 [arm]
@@ -170,7 +224,8 @@ This section describes a quick, casual way to check if your GNUnet
 installation works. However, if it does not, we do not cover
 steps for recovery --- for this, please study the instructions
 provided in the developer handbook as well as the system-specific
-instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}.
+instruction in the source code repository@footnote{The system specific
+instructions are not provided as part of this handbook!}.
 @menu
@@ -203,21 +258,25 @@ Currently these interfaces cover:
 @subsection Statistics
 @c %**end of header
-First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}.
+First, you should launch GNUnet gtk@footnote{Obviously you should also
+start gnunet, via gnunet-arm or the system provided method}.
 You can do this from the command-line by typing
 @example
 gnunet-statistics-gtk
 @end example
-If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.}
+If your peer@footnote{The term ``peer'' is a common word used in
-is running correctly, you should see a bunch of lines,
+federated and distributed networks to describe a participating device
-all of which should be ``significantly'' above zero (at least if your
+which is connected to the network. Thus, your Personal Computer or
-peer has been running for more than a few seconds). The lines indicate
+whatever it is you are looking at the Gtk+ interface describes a
-how many other peers your peer is connected to (via different
+``Peer'' or a ``Node''.}  is running correctly, you should see a bunch
-mechanisms) and how large the entire overlay network is currently
+of lines, all of which should be ``significantly'' above zero (at
-estimated to be. The X-axis represents time (in seconds since the
+least if your peer has been running for more than a few seconds). The
-start of @command{gnunet-gtk}).
+lines indicate how many other peers your peer is connected to (via
+different mechanisms) and how large the entire overlay network is
+currently estimated to be. The X-axis represents time (in seconds
+since the start of @command{gnunet-gtk}).
 You can click on "Traffic" to see information about the amount of
 bandwidth your peer has consumed, and on "Storage" to check the amount
diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi
index 00e6290f0..29cf924a2 100644
--- a/doc/documentation/chapters/preface.texi
+++ b/doc/documentation/chapters/preface.texi
@@ -12,9 +12,9 @@ all kinds of basic applications for the foundation of a new Internet.
 @menu
 * About this book::
+* Contributing to this book::
 * Introduction::
 * Project governance::
-* General Terminology::
 * Typography::
 @end menu
@@ -37,6 +37,26 @@ The first chapter (``Preface'') as well as the the second
 chapter (``Philosophy'') give an introduction to GNUnet as a project,
 what GNUnet tries to achieve.
+@node Contributing to this book
+@section Contributing to this book
+The GNUnet Reference Manual is a collective work produced by various
+people throughout the years. The version you are reading is derived
+from many individual efforts hosted on our website. This was a failed
+experiment, and with the conversion to Texinfo we hope to address this
+in the longterm. Texinfo is the documentation language of the GNU project.
+While it can be intimidating at first and look scary or complicated,
+it is just another way to express text format instructions. We encourage
+you to take this opportunity and learn about Texinfo, learn about GNUnet,
+and one word at a time we will arrive at a book which explains GNUnet in
+the least complicated way to you. Even when you don't want or can't learn
+Texinfo, you can contribute. Send us an Email or join our IRC chat room
+on freenode and talk with us about the documentation (the prefered way
+to reach out is the mailinglist, since you can communicate with us
+without waiting on someone in the chatroom). One way or another you
+can help shape the understanding of GNUnet without the ability to read
+and understand its sourcecode.
 @node Introduction
 @section Introduction
@@ -66,25 +86,31 @@ immediately.  A few months after the first release we contacted the
 GNU project, happily agreed to their governance model and became an
 official GNU package.
-Within the first year, we created GNU libextractor, a helper library
+Within the first year, we created
+@uref{https://gnu.org/s/libextractor, GNU libextractor}, a helper library
 for meta data extraction which has been used by a few other projects
 as well.  2003 saw the emergence of pluggable transports, the ability
 for GNUnet to use different mechanisms for communication, starting
 with TCP, UDP and SMTP (support for the latter was later dropped due
 to a lack of maintenance).  In 2005, the project first started to
 evolve beyond the original file-sharing application with a first
-simple P2P chat.  In 2007, we created GNU libmicrohttpd
+simple P2P chat.  In 2007, we created
+@uref{https://gnu.org/s/libmicrohttpd, GNU libmicrohttpd}
 to support a pluggable transport based on HTTP.  In 2009, the
 architecture was radically modularized into the multi-process system
-that exists today.  Coincidentally, the first version of the ARM
+that exists today.  Coincidentally, the first version of the ARM@footnote{ARM: Automatic Restart Manager}
 service was implemented a day before systemd was announced.  From 2009
 to 2014 work progressed rapidly thanks to a significant research grant
 from the Deutsche Forschungsgesellschaft.  This resulted in particular
 in the creation of the R5N DHT, CADET, ATS and the GNU Name System.
-In 2010, GNUnet was selected as the basis for the SecuShare online
+In 2010, GNUnet was selected as the basis for the
-social network, resutling in a significant growth of the core team.
+@uref{https://secushare.org, secushare} online
-In 2013, we launched GNU Taler to address the challenge of convenient
+social network, resulting in a significant growth of the core team.
-and privacy-preserving online payments.  In 2015, the pEp project
+In 2013, we launched @uref{https://taler.net, GNU Taler} to address
+the challenge of convenient
+and privacy-preserving online payments.  In 2015, the
+@c TODO: Maybe even markup for the E if it renders in most outputs.
+@uref{https://pep.foundation/, pEp}@footnote{pretty easy privacy} project
 announced that they will use GNUnet as the technology for their
 meta-data protection layer, ultimately resulting in GNUnet e.V.
 entering into a formal long-term collaboration with the pEp
@@ -99,9 +125,9 @@ computing has been the core driver of the GNU project. With GNUnet we
 are focusing on informational self-determination for collaborative
 computing and communication over networks.
-The Internet is shaped as much by code and protocols as by its
+The Internet is shaped as much by code and protocols as it is by its
-associated political processes (IETF, ICANN, IEEE, etc.), and its
+associated political processes (IETF, ICANN, IEEE, etc.).
-flaws are similarly not limited to the protocol design.  Thus,
+Similarly its flaws are not limited to the protocol design.  Thus,
 technical excellence by itself will not suffice to create a better
 network. We also need to build a community that is wise, humble and
 has a sense of humor to achieve our goal to create a technical
@@ -116,23 +142,22 @@ follows the governance model of a benevolent dictator.  This means
 that ultimately, the GNU project appoints the GNU maintainer and can
 overrule decisions made by the GNUnet maintainer. Similarly, the
 GNUnet maintainer can overrule any decisions made by individual
+@c TODO: Should we mention if this is just about GNUnet? Other projects
+@c TODO: in GNU seem to have rare issues (GCC, the 2018 documentation
+@c TODO: discussion.
 developers.  Still, in practice neither has happened in the last 20
 years, and we hope to keep it that way.
+@c TODO: Actually we are a Swiss association, or just a German association
+@c TODO: with Swiss bylaws/Satzung?
+@c TODO: Rewrite one of the 'GNUnet eV may also' sentences.
 The GNUnet project is supported by GNUnet e.V., a German association
-where any developer can become a member.  GNUnet e.V. servers as a
+where any developer can become a member.  GNUnet e.V. serves as a
 legal entity to hold the copyrights to GNUnet.  GNUnet e.V. may also
 choose to pay for project resources, and can collect donations.
 GNUnet e.V. may also choose to adjust the license of the
-software (with the constraint that it has to remain free software).
+software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.}
-@node General Terminology
-@section General Terminology
-In the following manual we may use words that can not be found in the
-Appendix. Since we want to keep the manual selfcontained, we will
-explain words here.
 @node Typography
 @section Typography
@@ -142,3 +167,5 @@ command should/can be issued as root, or if "normal" user privileges are
 sufficient. We use a @code{#} for root's shell prompt, a
 @code{%} for users' shell prompt, assuming they use the C-shell or tcsh
 and a @code{$} for bourne shell and derivatives.
+@c TODO: Really? Why the different prompts? Do we already have c-shell
+@c TODO: examples?
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index fe47abb86..50b795197 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -26,6 +26,7 @@ always welcome.
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
+* re@:claim Identity Provider::
 * Using the Virtual Public Network::
 @end menu
@@ -43,6 +44,7 @@ To stop GNUnet:
 @example
 $ gnunet-arm -e
 @end example
 @node First steps - Using the GNU Name System
 @section First steps - Using the GNU Name System
 @c %**end of header
@@ -246,7 +248,7 @@ more an experimental feature and not really our primary goal at this
 time. Still, it is a possible use-case and we welcome help with testing
 and development.
+@pindex gnunet-bcd
 @node Creating a Business Card
 @subsection Creating a Business Card
 @c FIXME: Which parts of texlive are needed? Some systems offer a modular
@@ -257,7 +259,9 @@ Note that this requires having @command{LaTeX} installed on your system.
 If you are using a Debian GNU/Linux based operating system, the
 following command should install the required components.
 Keep in mind that this @b{requires 3GB} of downloaded data and possibly
-@b{even more} when unpacked.
+@b{even more}@footnote{Author's note:
+@command{guix size `guix build texlive`} in summer 2018 returns a DAG
+size of 5032.4 MiB} when unpacked.
 @b{We welcome any help in identifying the required components of the
 TexLive Distribution. This way we could just state the required components
 without pulling in the full distribution of TexLive.}
@@ -312,12 +316,14 @@ you might need a trip to the store together.
 Before we get started, we need to tell @code{gnunet-qr} which zone
 it should import new records into.  For this, run:
+@pindex gnunet-identity
 @example
 $ gnunet-identity -s namestore -e NAME
 @end example
 where NAME is the name of the zone you want to import records
 into.  In our running example, this would be ``gnu''.
+@pindex gnunet-qr
 Henceforth, for every business card you collect, simply run:
 @example
 $ gnunet-qr
@@ -335,6 +341,7 @@ GNUnet network at this time, you should thus be able to
 resolve your friends names. Suppose your friend's nickname
 is "Bob". Then, type
+@pindex gnunet-gns
 @example
 $ gnunet-gns -u test.bob.gnu
 @end example
@@ -381,6 +388,7 @@ a revocation certificate corresponding to your ego.  This certificate,
 when published on the P2P network, flags your private key as invalid,
 and all further resolutions or other checks involving the key will fail.
+@pindex gnunet-revocation
 A revocation certificate is thus a useful tool when things go out of
 control, but at the same time it should be stored securely.
 Generation of the revocation certificate for a zone can be done through
@@ -433,6 +441,7 @@ private conversation with your friend. Finally, help us
 with the next GNUnet release for even more applications
 using this new public key infrastructure.
+@pindex gnunet-conservation-gtk
 @node First steps - Using GNUnet Conversation
 @section First steps - Using GNUnet Conversation
 @c %**end of header
@@ -485,6 +494,7 @@ that will show up when you call somebody else, as well as the
 GNS zone that will be used to resolve names of users that you
 are calling. Run
+@pindex gnunet-conversation
 @example
 gnunet-conversation -e zone-name
 @end example
@@ -564,7 +574,7 @@ Either of you can end the call using @command{/cancel}. You can exit
 @menu
 * VPN Preliminaries::
-* Exit configuration::
+* GNUnet-Exit configuration::
 * GNS configuration::
 * Accessing the service::
 * Using a Browser::
@@ -595,6 +605,9 @@ The exact details may differ a bit, which is fine. Add the text
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
+@c TODO: outdated section, we no longer install this as part of the
+@c TODO: standard installation procedure and should point out the manual
+@c TODO: steps required to make it useful.
 @noindent
 You might want to make sure that @code{/lib/libnss_gns.so.2} exists on
 your system, it should have been created during the installation.
@@ -608,8 +621,8 @@ $ cd src/gns/nss; sudo make install
 @noindent
 to install the NSS plugins in the proper location.
-@node Exit configuration
+@node GNUnet-Exit configuration
-@subsection Exit configuration
+@subsection GNUnet-Exit configuration
 @c %**end of header
 Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and
@@ -696,9 +709,10 @@ the searcher/downloader specify "no anonymity", non-anonymous
 file-sharing is used. If either user specifies some desired degree
 of anonymity, anonymous file-sharing will be used.
-After a short introduction, we will first look at the various concepts in
+After a short introduction, we will first look at the various concepts
-GNUnet's file-sharing implementation. Then, we will discuss specifics as to how
+in GNUnet's file-sharing implementation. Then, we will discuss
-they impact users that publish, search or download files.
+specifics as to how they impact users that publish, search or download
+files.
 @menu
@@ -706,7 +720,6 @@ they impact users that publish, search or download files.
 * fs-Downloading::
 * fs-Publishing::
 * fs-Concepts::
-* fs-Directories::
 * Namespace Management::
 * File-Sharing URIs::
 * GTK User Interface::
@@ -724,10 +737,11 @@ $ gnunet-search [-t TIMEOUT] KEYWORD
 @end example
 @noindent
-The -t option specifies that the query should timeout after
+The @command{-t} option specifies that the query should timeout after
-approximately TIMEOUT seconds. A value of zero is interpreted
+approximately TIMEOUT seconds. A value of zero (``0'') is interpreted
-as @emph{no timeout}, which is also the default. In this case,
+as @emph{no timeout}, which is the default. In this case,
-gnunet-search will never terminate (unless you press CTRL-C).
+@command{gnunet-search} will never terminate (unless you press
+@command{CTRL-C}).
 If multiple words are passed as keywords, they will all be
 considered optional. Prefix keywords with a "+" to make them mandatory.
@@ -750,10 +764,11 @@ as the first will match files shared under the keywords
 "Das" or "Kapital" whereas the second will match files
 shared under the keyword "Das Kapital".
-Search results are printed by gnunet-search like this:
+Search results are printed by @command{gnunet-search} like this:
 @c it will be better the avoid the ellipsis altogether because I don't
 @c understand the explanation below that
+@c ng0: who is ``I'' and what was the complete sentence?
 @example
 #15:
 gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
@@ -762,10 +777,11 @@ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
 @noindent
 The whole line is the command you would have to enter to download
-the file. The argument passed to @code{-o} is the suggested
+the file. The first argument passed to @code{-o} is the suggested
 filename (you may change it to whatever you like).
-It is followed by the key for decrypting the file, the query for searching the
+It is followed by the key for decrypting the file, the query for
-file, a checksum (in hexadecimal) finally the size of the file in bytes.
+searching the file, a checksum (in hexadecimal) finally the size of
+the file in bytes.
 @node fs-Downloading
 @subsection Downloading
@@ -802,9 +818,9 @@ already present.
 GNUnet's file-encoding mechanism will ensure file integrity, even if the
 existing file was not downloaded from GNUnet in the first place.
-You may want to use the @command{-V} switch  to turn on verbose reporting. In
+You may want to use the @command{-V} switch to turn on verbose
-this case, @command{gnunet-download} will print the current number of bytes
+reporting. In this case, @command{gnunet-download} will print the
-downloaded whenever new data was received.
+current number of bytes downloaded whenever new data was received.
 @node fs-Publishing
 @subsection Publishing
@@ -834,7 +850,7 @@ $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/p
 The option @code{-k} is used to specify keywords for the file that
 should be inserted. You can supply any number of keywords,
 and each of the keywords will be sufficient to locate and
-retrieve the file. Please note that you must use the @code{-k} option 
+retrieve the file. Please note that you must use the @code{-k} option
 more than once -- one for each expression you use as a keyword for
 the filename.
@@ -845,10 +861,14 @@ list by running @command{extract -L}. Use quotes around the entire
 meta-data argument if the value contains spaces. The meta-data
 is displayed to other users when they select which files to
 download. The meta-data and the keywords are optional and
-maybe inferred using @code{GNU libextractor}.
+may be inferred using @code{GNU libextractor}.
+@command{gnunet-publish} has a few additional options to handle
+namespaces and directories. Refer to the man-page for details:
-gnunet-publish has a few additional options to handle namespaces and
+@example
-directories. See the man-page for details.
+man gnunet-publish
+@end example
 @node Indexing vs. Inserting
 @subsubsection Indexing vs Inserting
@@ -890,18 +910,17 @@ able to crack the encryption (e.g. by guessing the keyword.
 @subsection Concepts
 @c %**end of header
-Sharing files in GNUnet is not quite as simple as in traditional
+For better results with filesharing it is useful to understand the
-file sharing systems. For example, it is not sufficient to just
+following concepts.
-place files into a specific directory to share them. In addition
+In addition to anonymous routing GNUnet attempts to give users a better
-to anonymous routing GNUnet attempts to give users a better experience
+experience in searching for content. GNUnet uses cryptography to safely
-in searching for content. GNUnet uses cryptography to safely break
+break content into smaller pieces that can be obtained from different
-content into smaller pieces that can be obtained from different
+sources without allowing participants to corrupt files. GNUnet makes it
-sources without allowing participants to corrupt files. GNUnet
+difficult for an adversary to send back bogus search results. GNUnet
-makes it difficult for an adversary to send back bogus search
+enables content providers to group related content and to establish a
-results. GNUnet enables content providers to group related content
+reputation. Furthermore, GNUnet allows updates to certain content to be
-and to establish a reputation. Furthermore, GNUnet allows updates
+made available. This section is supposed to introduce users to the
-to certain content to be made available. This section is supposed
+concepts that are used to achieve these goals.
-to introduce users to the concepts that are used to achieve these goals.
 @menu
@@ -921,10 +940,10 @@ to introduce users to the concepts that are used to achieve these goals.
 @c %**end of header
 A file in GNUnet is just a sequence of bytes. Any file-format is allowed
-and the maximum file size is theoretically 264 bytes, except that it
+and the maximum file size is theoretically @math{2^64 - 1} bytes, except
-would take an impractical amount of time to share such a file.
+that it would take an impractical amount of time to share such a file.
-GNUnet itself never interprets the contents of shared files, except
+GNUnet itself never interprets the contents of shared files, except when
-when using GNU libextractor to obtain keywords.
+using GNU libextractor to obtain keywords.
 @node Keywords
 @subsubsection Keywords
@@ -954,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file
 by the network. Small files (of a few kilobytes) can be inlined in
 the directory, so that a separate download becomes unnecessary.
+Directories are shared just like ordinary files. If you download a
+directory with @command{gnunet-download}, you can use
+@command{gnunet-directory} to list its contents. The canonical
+extension for GNUnet directories when stored as files in your
+local file-system is ".gnd". The contents of a directory are URIs and
+meta data.
+The URIs contain all the information required by
+@command{gnunet-download} to retrieve the file. The meta data
+typically includes the mime-type, description, a filename and
+other meta information, and possibly even the full original file
+(if it was small).
 @node Pseudonyms
 @subsubsection Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Pseudonyms in GNUnet are essentially public-private (RSA) key pairs
 that allow a GNUnet user to maintain an identity (which may or may not
 be detached from their real-life identity). GNUnet's pseudonyms are not
@@ -973,6 +1008,10 @@ to copy around).
 @subsubsection Namespaces
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 A namespace is a set of files that were signed by the same pseudonym.
 Files (or directories) that have been signed and placed into a namespace
 can be updated. Updates are identified as authentic if the same secret
@@ -984,11 +1023,15 @@ same entity (which does not have to be the same person).
 @subsubsection Advertisements
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Advertisements are used to notify other users about the existence of a
 namespace. Advertisements are propagated using the normal keyword search.
 When an advertisement is received (in response to a search), the namespace
 is added to the list of namespaces available in the namespace-search
-dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a
+dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a
 namespace is created, an appropriate advertisement can be generated.
 The default keyword for the advertising of namespaces is "namespace".
@@ -996,7 +1039,7 @@ Note that GNUnet differentiates between your pseudonyms (the identities
 that you control) and namespaces. If you create a pseudonym, you will
 not automatically see the respective namespace. You first have to create
 an advertisement for the namespace and find it using keyword
-search --- even for your own namespaces. The @command{gnunet-pseudonym}
+search --- even for your own namespaces. The @command{gnunet-identity}
 tool is currently responsible for both managing pseudonyms and namespaces.
 This will likely change in the future to reduce the potential for
 confusion.
@@ -1044,22 +1087,6 @@ level by one. If all blocks reach replication level zero, the
 selection is simply random.
-@node fs-Directories
-@subsection Directories
-@c %**end of header
-Directories are shared just like ordinary files. If you download a
-directory with @command{gnunet-download}, you can use
-@command{gnunet-directory} to list its contents. The canonical
-extension for GNUnet directories when stored as files in your
-local file-system is ".gnd". The contents of a directory are URIs and
-meta data.
-The URIs contain all the information required by
-@command{gnunet-download} to retrieve the file. The meta data
-typically includes the mime-type, description, a filename and
-other meta information, and possibly even the full original file
-(if it was small).
 @node Namespace Management
 @subsection Namespace Management
 @c %**end of header
@@ -1067,8 +1094,8 @@ other meta information, and possibly even the full original file
 @b{Please note that the text in this subsection is outdated and needs}
 @b{to be rewritten for version 0.10!}
-The gnunet-pseudonym tool can be used to create pseudonyms and
+The @code{gnunet-identity} tool can be used to create pseudonyms and
-to advertise namespaces. By default, gnunet-pseudonym simply
+to advertise namespaces. By default, @code{gnunet-identity -D} simply
 lists all locally available pseudonyms.
@@ -1084,6 +1111,10 @@ lists all locally available pseudonyms.
 @subsubsection Creating Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 With the @command{-C NICK} option it can also be used to
 create a new pseudonym. A pseudonym is the virtual identity
 of the entity in control of a namespace. Anyone can create
@@ -1095,6 +1126,10 @@ used.
 @subsubsection Deleting Pseudonyms
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 With the @command{-D NICK} option pseudonyms can be deleted.
 Once the pseudonym has been deleted it is impossible to add
 content to the corresponding namespace. Deleting the
@@ -1105,6 +1140,10 @@ unavailable.
 @subsubsection Advertising namespaces
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Each namespace is associated with meta-data that describes
 the namespace. This meta-data is provided by the user at
 the time that the namespace is advertised. Advertisements
@@ -1121,6 +1160,10 @@ the quality of the content found in it.
 @subsubsection Namespace names
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 While the namespace is uniquely identified by its ID, another way
 to refer to the namespace is to use the NICKNAME.
 The NICKNAME can be freely chosen by the creator of the namespace and
@@ -1132,6 +1175,10 @@ to the NICKNAME to get a unique identifier.
 @subsubsection Namespace root
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 An item of particular interest in the namespace advertisement is
 the ROOT. The ROOT is the identifier of a designated entry in the
 namespace. The idea is that the ROOT can be used to advertise an
@@ -1219,6 +1266,10 @@ Furthermore they must not contain '++'.
 @subsubsection Namespace content (sks)
 @c %**end of header
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
 Namespaces are sets of files that have been approved by some (usually
 pseudonymous) user --- typically by that user publishing all of the
 files together. A file can be in many namespaces. A file is in a
@@ -1419,8 +1470,8 @@ $ gnunet-identity -C "myzone"
 Henceforth, on your system you control the TLD ``myzone''.
-All of your zones can be listed using the @command{gnunet-identity}
+All of your zones can be listed (displayed) using the
-command line tool as well:
+@command{gnunet-identity} command line tool as well:
 @example
 $ gnunet-identity -d
@@ -1528,11 +1579,11 @@ record you want to access).
 @subsection Using Public Keys as Top Level Domains
-GNS also assumes responsibility for any name that uses in a well-formed
+GNS also assumes responsibility for any name that uses in a
-public key for the TLD.  Names ending this way are then resolved by querying
+well-formed public key for the TLD.  Names ending this way are then
-the respective zone. Such public key TLDs are expected to be used under rare
+resolved by querying the respective zone. Such public key TLDs are
-circumstances where globally unique names are required, and for
+expected to be used under rare circumstances where globally unique
-integration with legacy systems.
+names are required, and for integration with legacy systems.
 @node Resource Records in GNS
 @subsection Resource Records in GNS
@@ -1569,18 +1620,31 @@ GNS currently supports the following record types:
 * CNAME::
 * GNS2DNS::
 * SOA SRV PTR and MX::
+* PLACE::
+* PHONE::
+* ID ATTR::
+* ID TOKEN::
+* ID TOKEN METADATA::
+* CREDENTIAL::
+* POLICY::
+* ATTRIBUTE::
+* ABE KEY::
+* ABE MASTER::
+* RECLAIM OIDC CLIENT::
+* RECLAIM OIDC REDIRECT::
 @end menu
 @node NICK
 @subsubsection NICK
-A NICK record is used to give a zone a name. With a NICK record, you can
+A NICK record is used to give a zone a name. With a NICK record, you
-essentially specify how you would like to be called. GNS expects this
+can essentially specify how you would like to be called. GNS expects
-record under the empty label ``@@'' in the zone's database (NAMESTORE); however,
+this record under the empty label ``@@'' in the zone's database
-it will then automatically be copied into each record set, so that
+(NAMESTORE); however, it will then automatically be copied into each
-clients never need to do a separate lookup to discover the NICK record.
+record set, so that clients never need to do a separate lookup to
-Also, users do not usually have to worry about setting the NICK record:
+discover the NICK record.  Also, users do not usually have to worry
-it is automatically set to the local name of the TLD.
+about setting the NICK record: it is automatically set to the local
+name of the TLD.
 @b{Example}@
@@ -1739,6 +1803,66 @@ should use the ZKEY zone as the destination hostname and
 GNS-enabled mail servers should be configured to accept
 e-mails to the ZKEY-zones of all local users.
+@node PLACE
+@subsubsection PLACE
+Record type for a social place.
+@node PHONE
+@subsubsection PHONE
+Record type for a phone (of CONVERSATION).
+@node ID ATTR
+@subsubsection ID ATTR
+Record type for identity attributes (of IDENTITY).
+@node ID TOKEN
+@subsubsection ID TOKEN
+Record type for an identity token (of IDENTITY-TOKEN).
+@node ID TOKEN METADATA
+@subsubsection ID TOKEN METADATA
+Record type for the private metadata of an identity token (of IDENTITY-TOKEN).
+@node CREDENTIAL
+@subsubsection CREDENTIAL
+Record type for credential.
+@node POLICY
+@subsubsection POLICY
+Record type for policies.
+@node ATTRIBUTE
+@subsubsection ATTRIBUTE
+Record type for reverse lookups.
+@node ABE KEY
+@subsubsection ABE KEY
+Record type for ABE records.
+@node ABE MASTER
+@subsubsection ABE MASTER
+Record type for ABE master keys.
+@node RECLAIM OIDC CLIENT
+@subsubsection RECLAIM OIDC CLIENT
+Record type for reclaim OIDC clients.
+@node RECLAIM OIDC REDIRECT
+@subsubsection RECLAIM OIDC REDIRECT
+Record type for reclaim OIDC redirect URIs.
 @node Synchronizing with legacy DNS
 @subsection Synchronizing with legacy DNS
@@ -1769,6 +1893,98 @@ is thus advisable to disable the namecache by setting the
 option ``DISABLE'' to ``YES'' in section ``[namecache]''.
+@node re@:claim Identity Provider
+@section re@:claim Identity Provider
+The re:claim Identity Provider (IdP) is a decentralized IdP service.
+It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses.
+It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook.
+Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort.
+@menu
+* Managing Attributes::
+* Sharing Attributes with Third Parties::
+* Revoking Authorizations of Third Parties::
+* Using the OpenID-Connect IdP::
+@end menu
+@node Managing Attributes
+@subsection Managing Attributes
+Before adding attributes to an identity, you must first create an ego:
+@example
+$ gnunet-identity -C "username"
+@end example
+Henceforth, you can manage a new user profile of the user ``username''.
+To add an email address to your user profile, simply use the @command{gnunet-reclaim} command line tool::
+@example
+$ gnunet-reclaim -e "username" -a "email" -V "username@@example.gnunet"
+@end example
+All of your attributes can be listed using the @command{gnunet-reclaim}
+command line tool as well:
+@example
+$ gnunet-reclaim -e "username" -D
+@end example
+Currently, and by default, attribute values are interpreted as plain text.
+In the future there might be more value types such as X.509 certificate credentials.
+@node Sharing Attributes with Third Parties
+@subsection Sharing Attributes with Third Parties
+If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute:
+@example
+$ gnunet-reclaim -e "username" -r "PKEY" -i "attribute1,attribute2,..."
+@end example
+Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share.
+The command will return a "ticket" string.
+You must give this "ticket" to the requesting third party.
+The third party can then retrieve your shared identity attributes using:
+@example
+$ gnunet-reclaim -e "friend" -C "ticket"
+@end example
+This will retrieve and list the shared identity attributes.
+The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS.
+Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed.
+To list all given authorizations (tickets) you can execute:
+@example
+$ gnunet-reclaim -e "friend" -T (TODO there is only a REST API for this ATM) 
+@end example
+@node Revoking Authorizations of Third Parties
+@subsection Revoking Authorizations of Third Parties
+If you want to revoke the access of a third party to your attributes you can execute:
+@example
+$ gnunet-idp -e "username" -R "ticket"
+@end example
+This will prevent the third party from accessing the attribute in the future.
+Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data.
+As such, only access to updated data in the future can be revoked.
+This behaviour is _exactly the same_ as with other IdPs.
+@node Using the OpenID-Connect IdP
+@subsection Using the OpenID-Connect IdP
+TODO: Document setup and REST endpoints
 @node Using the Virtual Public Network
 @section Using the Virtual Public Network