diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/documentation/chapters/philosophy.texi | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi index f6fe8df7b..af273fec6 100644 --- a/doc/documentation/chapters/philosophy.texi +++ b/doc/documentation/chapters/philosophy.texi | |||
@@ -2,6 +2,9 @@ | |||
2 | @node Philosophy | 2 | @node Philosophy |
3 | @chapter Philosophy | 3 | @chapter Philosophy |
4 | 4 | ||
5 | @c NOTE: We should probably re-use some of the images lynX created | ||
6 | @c for secushare, showing some of the relations and functionalities | ||
7 | @c of GNUnet. | ||
5 | The foremost goal of the GNUnet project is to become a widely used, | 8 | The foremost goal of the GNUnet project is to become a widely used, |
6 | reliable, open, non-discriminating, egalitarian, unfettered and | 9 | reliable, open, non-discriminating, egalitarian, unfettered and |
7 | censorship-resistant system of free information exchange. | 10 | censorship-resistant system of free information exchange. |
@@ -32,7 +35,12 @@ decentralized Internet protocols. | |||
32 | These are the core GNUnet design goals, in order of relative importance: | 35 | These are the core GNUnet design goals, in order of relative importance: |
33 | 36 | ||
34 | @itemize | 37 | @itemize |
35 | @item GNUnet must be implemented as free software. | 38 | @item GNUnet must be implemented as |
39 | @uref{https://www.gnu.org/philosophy/free-sw.html, Free Software} | ||
40 | @c To footnote or not to footnote, that's the question. | ||
41 | @footnote{This means that you you have the four essential freedoms: to run | ||
42 | the program, to study and change the program in source code form, | ||
43 | to redistribute exact copies, and to distribute modified versions.} | ||
36 | @item GNUnet must only disclose the minimal amount of information | 44 | @item GNUnet must only disclose the minimal amount of information |
37 | necessary. | 45 | necessary. |
38 | @item GNUnet must be decentralised and survive Byzantine failures in any | 46 | @item GNUnet must be decentralised and survive Byzantine failures in any |
@@ -124,6 +132,8 @@ with the goals of the group is always preferable. | |||
124 | @section Key Concepts | 132 | @section Key Concepts |
125 | 133 | ||
126 | In this section, the fundamental concepts of GNUnet are explained. | 134 | In this section, the fundamental concepts of GNUnet are explained. |
135 | @c FIXME: Use @uref{https://docs.gnunet.org/whatever/, research papers} | ||
136 | @c once we have the new bibliography + subdomain setup. | ||
127 | Most of them are also described in our research papers. | 137 | Most of them are also described in our research papers. |
128 | First, some of the concepts used in the GNUnet framework are detailed. | 138 | First, some of the concepts used in the GNUnet framework are detailed. |
129 | The second part describes concepts specific to anonymous file-sharing. | 139 | The second part describes concepts specific to anonymous file-sharing. |
@@ -146,15 +156,24 @@ The second part describes concepts specific to anonymous file-sharing. | |||
146 | Almost all peer-to-peer communications in GNUnet are between mutually | 156 | Almost all peer-to-peer communications in GNUnet are between mutually |
147 | authenticated peers. The authentication works by using ECDHE, that is a | 157 | authenticated peers. The authentication works by using ECDHE, that is a |
148 | DH key exchange using ephemeral eliptic curve cryptography. The ephemeral | 158 | DH key exchange using ephemeral eliptic curve cryptography. The ephemeral |
149 | ECC keys are signed using ECDSA. The shared secret from ECDHE is used to | 159 | ECC (Eliptic Curve Cryptography) keys are signed using ECDSA. |
150 | create a pair of session keys (using HKDF) which are then used to encrypt | 160 | @c FIXME: Long word for ECDSA |
151 | the communication between the two peers using both 256-bit AES and 256-bit | 161 | The shared secret from ECDHE is used to create a pair of session keys |
152 | Twofish (with independently derived secret keys). As only the two | 162 | @c FIXME: LOng word for HKDF |
153 | participating hosts know the shared secret, this authenticates each packet | 163 | (using HKDF) which are then used to encrypt the communication between the |
164 | @c FIXME: AES | ||
165 | two peers using both 256-bit AES | ||
166 | @c FIXME: Twofish | ||
167 | and 256-bit Twofish (with independently derived secret keys). | ||
168 | As only the two participating hosts know the shared secret, this | ||
169 | authenticates each packet | ||
170 | @c FIXME SHA. | ||
154 | without requiring signatures each time. GNUnet uses SHA-512 hash codes to | 171 | without requiring signatures each time. GNUnet uses SHA-512 hash codes to |
155 | verify the integrity of messages. | 172 | verify the integrity of messages. |
156 | 173 | ||
157 | In GNUnet, the identity of a host is its public key. For that reason, | 174 | In GNUnet, the identity of a host is its public key. For that reason, |
175 | @c FIXME: is it clear to the average reader what a man-in-the-middle | ||
176 | @c attack is? | ||
158 | man-in-the-middle attacks will not break the authentication or accounting | 177 | man-in-the-middle attacks will not break the authentication or accounting |
159 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with | 178 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with |
160 | the identity of the host. As the public key is the only thing that truly | 179 | the identity of the host. As the public key is the only thing that truly |