commit b6a02e6e7742b575d96ba4f665bec00613467d70
parent d9893bf282d42ba97e55df428d840f24c45f6e30
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Fri, 6 Oct 2023 21:48:27 +0200
add cadet to user docs
Diffstat:
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/users/cadet.rst b/users/cadet.rst
@@ -0,0 +1,43 @@
+.. _CADET-Subsystem:
+
+CADET
+-----
+
+The Confidential Ad-hoc Decentralized End-to-end Transport (CADET) subsystem
+in GNUnet is responsible for secure end-to-end
+communications between nodes in the GNUnet overlay network. CADET builds
+on the CORE subsystem, which provides for the link-layer communication,
+by adding routing, forwarding, and additional security to the
+connections. CADET offers the same cryptographic services as CORE, but
+on an end-to-end level. This is done so peers retransmitting traffic on
+behalf of other peers cannot access the payload data.
+
+- CADET provides confidentiality with so-called perfect forward
+ secrecy; we use ECDHE powered by Curve25519 for the key exchange and
+ then use symmetric encryption, encrypting with both AES-256 and
+ Twofish
+
+- authentication is achieved by signing the ephemeral keys using
+ Ed25519, a deterministic variant of ECDSA
+
+- integrity protection (using SHA-512 to do encrypt-then-MAC, although
+ only 256 bits are sent to reduce overhead)
+
+- replay protection (using nonces, timestamps, challenge-response,
+ message counters and ephemeral keys)
+
+- liveness (keep-alive messages, timeout)
+
+Additional to the CORE-like security benefits, CADET offers other
+properties that make it a more universal service than CORE.
+
+- CADET can establish channels to arbitrary peers in GNUnet. If a peer
+ is not immediately reachable, CADET will find a path through the
+ network and ask other peers to retransmit the traffic on its behalf.
+
+- CADET offers (optional) reliability mechanisms. In a reliable channel
+ traffic is guaranteed to arrive complete, unchanged and in-order.
+
+- CADET takes care of flow and congestion control mechanisms, not
+ allowing the sender to send more traffic than the receiver or the
+ network are able to process.
diff --git a/users/index.rst b/users/index.rst
@@ -1,5 +1,6 @@
+###########
User Manual
-===========
+###########
This tutorial is supposed to give a first introduction for users trying
to do something real with GNUnet. Installation and configuration are
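Review bot: This commit adds users/cadet.rst but nothing in the diff references it from a toctree; the only change to users/index.rst in this hunk is the title adornment switch from "===" underline to "#" over- and underline, and the diffstat (45 insertions, 43 of them in cadet.rst) leaves no room for a toctree entry elsewhere. Without an entry such as a "cadet" line under the index's ".. toctree::" directive, Sphinx will warn that the document is not included in any toctree and it will not appear in the rendered user manual. Suggest adding the toctree entry in this commit so the change matches its message "add cadet to user docs".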