lsd0001

LSD0001: GNU Name System
Log | Files | Refs | README
commit bbe411fbfc58a0b6169d6f3c0ff1124e8b5b0f2d
parent 75668c704dddd9607837ff7a938d4cee3796b24a
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date:   Mon, 18 May 2020 09:32:54 +0200

Merge branch 'master' of ssh://gnunet.org/lsd0001

Diffstat:

Mdraft-schanzen-gns.xml | 55+++++++++++++++++++++++++++++++++++++++++++------------


1 file changed, 43 insertions(+), 12 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -6,9 +6,11 @@
 <!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml">
 <!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
 <!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml">
+<!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">
 <!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml">
 <!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
 <!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml">
+<!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml">
 <!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml">
 <!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
 <!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml">
@@ -1152,7 +1154,7 @@ T := 64 /* Tag (=output) length in bytes */
 p := 1 /* Parallelization parameter */
 v := 0x13 /* Version */
 y := 0 /* Type (Argon2d) */
-X, K is unused
+X, K are unused
          ]]></artwork>
        <t>
          The following is the message string "P" on which the PoW is
@@ -1276,7 +1278,9 @@ X, K is unused
          <dt>POW_i</dt>
          <dd>
            The values calculated as part of the PoW. Each POW_i MUST
-           be unique in the set of POW values.
+           be unique in the set of POW values. To facilitate fast verification
+           of uniqueness, the POW values must be given in strictly
+           monotonically increasing order in the message.
          </dd>
          <dt>SIGNATURE</dt>
          <dd>
@@ -1450,6 +1454,18 @@ example.com = zk2
            this document will be issued from time to time to reflect the current
            best practices in this area.
          </t>
+         <t>
+           GNS uses ECDSA over Curve25519. This is an unconventional choice,
+           as ECDSA is usually used with other curves.  However, traditional
+           ECDSA curves are problematic for a range of reasons described in
+           the Curve25519 and EdDSA papers.  Using EdDSA directly is also
+           not possible, as a hash function is used on the private key which
+           destroys the linearity that the GNU Name System depends upon.
+           We are not aware of anyone suggesting that using Curve25519 instead
+           of another common curve of similar size would lower the security of
+           ECDSA.  GNS uses 256-bit curves because that way the encoded (public)
+           keys fit into a single DNS label, which is good for usability.
+         </t>
        </section>
        <section anchor="security_abuse" numbered="true" toc="default">
          <name>Abuse mitigation</name>
@@ -1468,6 +1484,7 @@ example.com = zk2
            However, the same mechanisms can also be abused in order to impose
            state censorship, which ist one of the motivations behind GNS.
            Hence, such a seizure is, by design, difficult to impossible in GNS.
+           In particular, GNS does not support WHOIS (<xref target="RFC3912" />).
          </t>
        </section>
        <section anchor="security_keymanagement" numbered="true" toc="default">
@@ -1475,11 +1492,13 @@ example.com = zk2
          <t>
            In GNS, zone administrators need to manage and protect their zone
            keys. Once a zone key is lost it cannot be recovered. Once it is
-           compromised it cannot be revoked (unless a revocation was
+           compromised it cannot be revoked (unless a revocation message was
            pre-calculated and is still available).
            Zone administrators, and for GNS this includes end-users, are
            required to responsibly and dilligently protect their cryptographic
-           keys.
+           keys.  Offline signing is in principle possible, but GNS does not
+           support separate zone signing and key-signing keys
+           (as in <xref target="RFC6781" />) in order to provide usable security.
          </t>
          <t>
            Similarly, users are required to manage their local root zone.
@@ -1519,16 +1538,16 @@ example.com = zk2
            key is lost, compromised or replaced in the furture.
            Pre-calculated revocations may become invalid due to expirations
            or protocol changes such as epoch adjustments.
-           Conseuquently, implementors and users must make precautions in order
+           Consequently, implementors and users must make precautions in order
            to manage revocations accordingly.
          </t>
          <t>
            Revocation payloads do NOT include a 'new' key for key replacement.
-           In inclusion of such a key would have two major disadvantages:
+           Inclusion of such a key would have two major disadvantages:
          </t>
          <t>
            If revocation is used after a private key was compromised,
-           allowing key replacement would be dangerous, because if an
+           allowing key replacement would be dangerous: if an
            adversary took over the private key, the adversary could then
            broadcast a revocation with a key replacement. For the replacement,
            the compromised owner would have no chance to issue even a
@@ -1548,11 +1567,11 @@ example.com = zk2
          </t>
        </section>
      </section>
-     <section anchor="iana" numbered="true" toc="default">
+     <section anchor="gana" numbered="true" toc="default">
        <name>GANA Considerations</name>
        <t>
          GANA is requested to create an "GNU Name System Record Types" registry.
-The registry shall record for each entry:
+         The registry shall record for each entry:
        </t>
        <ul>
          <li>Name: The name of the record type (case-insensitive ASCII
@@ -1581,11 +1600,21 @@ Number | Name    | Contact | References | Description
 65540  | GNS2DNS | N/A     | [This.I-D] | Delegation to DNS
 65541  | BOX     | N/A     | [This.I-D] | Boxed record
            ]]></artwork>
-         <!--        <postamble>which is a very simple example.</postamble>-->
        </figure>
-
+       <t>
+         GANA is requested to amend the "GNUnet Signature Purpose" registry
+         as follows:
+       </t>
+       <figure anchor="figure_purposenums">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
+Purpose | Name            | References | Description
+--------+-----------------+------------+--------------------------
+  3     | GNS_REVOCATION  | [This.I-D] | GNS zone key revocation
+ 15     | GNS_RECORD_SIGN | [This.I-D] | GNS record set signature
+           ]]></artwork>
+       </figure>
      </section>
-     <!-- iana -->
+     <!-- gana -->
      <section>
        <name>Test Vectors</name>
        <t>
@@ -1677,9 +1706,11 @@ an1xB0eaIb6bSkuJ8aabl+3b3YBvYkMPu1XRVt+YpCM=
        &RFC2119;
        &RFC3629;
        &RFC3826;
+       &RFC3912;
        &RFC5869;
        &RFC5890;
        &RFC5891;
+       &RFC6781;
        &RFC6895;
        &RFC6979;
        &RFC7748;