lsd0001

LSD0001: GNU Name System
Log | Files | Refs | README
commit 366ccb831d9ec0dfe23c377ff5fe2533ac256654
parent 7a441146f41ac2eba8531e9ce5d16c1d7feacfa5
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Sun, 19 Dec 2021 11:55:06 +0100

privacy

Diffstat:

Mdraft-schanzen-gns.xml | 31+++++++++++++++++--------------


1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -1977,20 +1977,6 @@ example.com = zk2
            data changes. For example. the expiration time may be increased
            by a single microsecond.
          </t>
-         <t>
-           Record blocks are published encrypted using keys derived from the
-           zone public key and record label. Zone administrators should
-           carefully consider if the label may be public or if it should be
-           used and considered as a shared secret. Labels can be guessed by
-           an attacker in the network observing queries and responses. Given
-           a targeted zone public key, the use of well known or easily guessable
-           labels effectively result in general disclosure of the records to
-           the public.
-           If the labels and hence the records should be kept secret except to
-           those knowing a secret label and the zone in which to look, the
-           label must be chosen accordingly. It is recommended to then use a
-           label with sufficient entropy as to prevent guessing attacks.
-         </t>
        </section>
        <section anchor="security_abuse" numbered="true" toc="default">
          <name>Abuse Mitigation</name>
@@ -2091,6 +2077,23 @@ example.com = zk2
            migrated to the replacement.
          </t>
        </section>
+       <section anchor="privacy_labels" numbered="true" toc="default">
+         <name>Label Guessing</name>
+         <t>
+           Record blocks are published encrypted using keys derived from the
+           zone public key and record label. Zone administrators should
+           carefully consider if the label may be public or if it should be
+           used and considered as a shared secret. Labels can be guessed by
+           an attacker in the network observing queries and responses. Given
+           a targeted zone public key, the use of well known or easily guessable
+           labels effectively result in general disclosure of the records to
+           the public.
+           If the labels and hence the records should be kept secret except to
+           those knowing a secret label and the zone in which to look, the
+           label must be chosen accordingly. It is recommended to then use a
+           label with sufficient entropy as to prevent guessing attacks.
+         </t>
+       </section>
      </section>
      <section anchor="gana" numbered="true" toc="default">
        <name>GANA Considerations</name>