commit 3db3298302dd2cc4216d1cb0b6d3fbabce7fb0c7
parent 37d9532586e39687e7aad011b79f27a3a015db94
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 8 Jun 2026 16:46:37 +0200

more security properties

Diffstat:
| M | about.rst | | | 8 | +++++++- |
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/about.rst b/about.rst @@ -230,7 +230,13 @@ GNUnet attemtps to satisfy the following security goals in the face of those adv 2. Confidential communication 3. Anonymity (where possible) -Each :ref:`subsystem <subsystems>` of GNUnet incorporates its own security mechanism taking the existing baseline of the GNUnet network as well as the adversary model into account. + +From the lowest layer to the applications layer, the securty goals and associated subsystems are: + + 1. Base layer (Communicators/TRANSPORT): This layer optionally provides steganographic and ad-hoc security guarantees against external adversaries that largely depend on the communicator(s) used. For example, use of the HTTP3/QUIC communicator will use TLS and try to validate a certificate signed by the peer we want to connect to. Other communicators may not provide the same properties. + 2. Peer connectivity layer (CORE): This layer provides a secure channel between two peers. Peers are mutually authenticated and a secure cryptographic channel is established. It does not assume any security guarantees from the previous layer. It provides confidential communication in the face of an external adversary. + 3. Peer connectivity layer (CADET): This layer provides an end-to-end secure secure cryptographic channel between two peers. It uses advanced cryptographic mechanisms to provide Perfect Forward Secrecy and Post-Compromise Security as well as the option to support out-of-order messages and participation repudiation (deniability). + 4. Application layer: Each :ref:`subsystem <subsystems>` of GNUnet incorporates its own security mechanism taking the existing baseline of the GNUnet network as well as the adversary model into account. See the respective section in the User handbook. Cryptography ------------
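Review bot: In the added layer list, items 2 and 3 are both labelled "Peer connectivity layer" (CORE and CADET), so the two cannot be told apart by layer name; since item 3 describes an end-to-end channel, give it its own label that says so. Item 3 also names no adversary, while item 2 names the external adversary; state which adversary from the model the CADET guarantees hold against. Two typos in the added lines: "securty goals" should be "security goals", and "end-to-end secure secure cryptographic channel" repeats "secure". In item 1, "validate a certificate signed by the peer we want to connect to" leaves open how the signing key is tied to the peer's identity; one clause on that would make the stated guarantee checkable.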