LSD0001: GNU Name System

commit b5db613f563c38d3861be6bebd49f134d324228b
parent 0cd18093affb44f01f4cf7e99322091055af390e
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Sat, 29 Jan 2022 16:42:11 +0100

change sha reference

Diffstat:
M draft-schanzen-gns.xml | 61 ++++++++++++++++++++++++++++++++++++++++---------------------
1 file changed, 40 insertions(+), 21 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -12,6 +12,7 @@ <!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml"> <!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml"> <!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml"> +<!ENTITY RFC6234 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6234.xml"> <!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml"> <!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml"> <!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml"> @@ -82,7 +83,8 @@ <abstract> <t> This document contains the GNU Name System (GNS) technical - specification. GNS is a decentralized and censorship-resistant name + specification. + GNS is a decentralized and censorship-resistant name system that provides a privacy-enhancing alternative to the Domain Name System (DNS). </t> @@ -115,6 +117,11 @@ DNS was not designed with security as a goal. This makes it very vulnerable, especially to attackers that have the technical capabilities of an entire nation state at their disposal. + While a wider discussion of this issue is out of scope for this document, + analyses and investigations can be found in recent academic research + works including <xref target="SecureNS"/>. + </t> + <t> This specification describes a censorship-resistant, privacy-preserving and decentralized name system: The GNU Name System (GNS) <xref target="GNS" />. It is designed to provide a secure, privacy-enhancing alternative to 
@@ -946,8 +953,8 @@ zk' := (h mod L) * zk ]]></artwork> <t> The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in - <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction - phase and SHA-256 <xref target="SHS"/> for the expansion phase. + <xref target="RFC5869" />, using SHA-512 <xref target="RFC6234"/> for the extraction + phase and SHA-256 <xref target="RFC6234"/> for the expansion phase. PRK_h is key material retrieved using an HKDF using the string "key-derivation" as salt and the zone key as initial keying material. @@ -984,8 +991,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) ]]></artwork> <t> HKDF is a hash-based key derivation function as defined in - <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the - extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase. + <xref target="RFC5869" />. Specifically, SHA-512 <xref target="RFC6234"/> is used for the + extraction phase and SHA-256 <xref target="RFC6234"/> for the expansion phase. The output keying material is 32 bytes (256 bits) for the symmetric key and 4 bytes (32 bits) for the nonce. The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key. @@ -1129,8 +1136,8 @@ zk' := h * zk <t> The EDKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in - <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction - phase and HMAC-SHA256 <xref target="SHS"/> for the expansion phase. + <xref target="RFC5869" />, using SHA-512 <xref target="RFC6234"/> for the extraction + phase and HMAC-SHA256 <xref target="RFC6234"/> for the expansion phase. PRK_h is key material retrieved using an HKDF using the string "key-derivation" as salt and the zone key as initial keying material. 
@@ -1203,8 +1210,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) ]]></artwork> <t> HKDF is a hash-based key derivation function as defined in - <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the - extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase. + <xref target="RFC5869" />. Specifically, SHA-512 <xref target="RFC6234"/> is used for the + extraction phase and SHA-256 <xref target="RFC6234"/> for the expansion phase. The output keying material is 32 bytes (256 bits) for the symmetric key and 16 bytes (128 bits) for the NONCE. The symmetric key K is a 256-bit XSalsa20 @@ -1526,7 +1533,7 @@ q := SHA-512 (HDKD-Public(zk, label)) <dd> Is the 512-bit storage key under which the resource records block is published. - It is the SHA-512 hash <xref target="SHS"/> over the derived zone key. + It is the SHA-512 hash <xref target="RFC6234"/> over the derived zone key. </dd> </dl> </section> @@ -2718,6 +2725,7 @@ cae1789d &RFC5869; &RFC5890; &RFC5891; + &RFC6234; &RFC6895; &RFC6979; &RFC7748; @@ -2736,17 +2744,6 @@ cae1789d </front> </reference> - <reference anchor="SHS" target="https://doi.org/10.6028/NIST.FIPS.180-4"> - <front> - <title>Secure Hash Standard (SHS)</title> - <author initials="Q. H." surname="Dang" fullname="Quynh H. Dang"> - <organization>NIST</organization> - </author> - - <date year="2012" month="March"/> - </front> - </reference> - <reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A"> <front> <title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title> 
@@ -2934,6 +2931,28 @@ cae1789d <date year="2011"/> </front> </reference> + <reference anchor="SecureNS" target="https://sci-hub.st/https://doi.org/10.1016/j.cose.2018.01.018"> + <front> + <title>Towards secure name resolution on the Internet</title> + <author initials="C." surname="Grothoff" + fullname="Christian Grothoff"> + <organization>Bern University of Applied Sciences</organization> + </author> + <author initials="M." surname="Wachs" + fullname="Matthias Wachs"> + <organization>Technische Universität München</organization> + </author> + <author initials="M." surname="Ermert" + fullname="Monika Ermert"> + </author> + + <author initials="J." surname="Appelbaum" + fullname="Jacob Appelbaum"> + <organization>TU Eindhoven</organization> + </author> + <date year="2018"/> + </front> + </reference> <reference anchor="GNUnetGNS" target="https://git.gnunet.org/gnunet.git/tree/src/gns"> <front>
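
Review bot: In the introduction hunk (@@ -115,6 +117,11), the new sentence citing SecureNS and the added paragraph break are not covered by the commit subject "change sha reference". Consider moving them, together with the SecureNS reference entry, into their own commit so the SHS to RFC6234 swap can be reviewed and reverted on its own.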
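
Review bot: In the EDKEY hunk (@@ -1129,8 +1136,8) the expansion phase is still written as HMAC-SHA256, while the PKEY hunk (@@ -946,8 +953,8) and both HKDF paragraphs write SHA-256. Since the line is being rewritten anyway, pick one spelling for all four paragraphs so a reader does not infer that EDKEY uses a different expansion hash.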
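
Review bot: In the hunk at @@ -1203,8 +1210,8 the paragraph states 16 bytes (128 bits) for the NONCE, but the context line in the hunk header reads "NONCE := HKDF-Expand (PRK_n, label, 32 / 8)", which is 4 bytes. If that header line comes from the artwork directly above this paragraph, the length argument and the prose disagree, so please check it while touching this paragraph. The paragraph also writes NONCE in capitals where the matching PKEY paragraph (@@ -984,8 +991,8) writes "nonce".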
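
Review bot: The hunk at @@ -2736,17 +2744,6 deletes the SHS reference entry, so any remaining <xref target="SHS"/> would point at a missing anchor. The visible hunks replace nine occurrences; please confirm with a search of draft-schanzen-gns.xml that none is left before merging.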
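
Review bot: In the new SecureNS reference (@@ -2934,6 +2931,28) the target is "https://sci-hub.st/https://doi.org/10.1016/j.cose.2018.01.018", which routes the citation through a third-party mirror. A specification should link the DOI directly, i.e. target="https://doi.org/10.1016/j.cose.2018.01.018". The M. Ermert author element also has no <organization>, unlike the other three authors, and there is a stray blank line before the J. Appelbaum entry.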