lsd0001

LSD0001: GNU Name System

commit debb299627e5aefcacf0d8129e51cf1abe5299be
parent 1dccf8a5781fe675248f3e1fc75ea8980027608f
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date:   Mon,  9 Sep 2019 22:05:59 +0200

add txt

Diffstat:
M draft-schanzen-gns.txt | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 83 insertions(+), 27 deletions(-)

diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt @@ -69,11 +69,11 @@ Table of Contents 2.4. Serialization format . . . . . . . . . . . . . . . . . . 5 2.5. Internationalization and Character Encoding . . . . . . . 5 2.6. Security Considerations . . . . . . . . . . . . . . . . . 5 - 3. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 5 - 4. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 5 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 - 6. Normative References . . . . . . . . . . . . . . . . . . . . 5 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 + 3. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 6 + 4. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 6 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 + 6. Normative References . . . . . . . . . . . . . . . . . . . . 6 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction @@ -114,7 +114,7 @@ Schanzenbach Expires 24 January 2020 [Page 2] Internet-Draft The GNU Name System July 2019 - 0 1 2 3 4 5 6 7 + 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | SIGNATURE | | | @@ -157,10 +157,10 @@ Internet-Draft The GNU Name System July 2019 2.1.1. GNS record block data cryptography - Given a GNS record block a symmetric key "k" is used to en-/decrypt - "BDATA". The key is derived from the record label "l" and the public - key "P". Both "l" and "P" are implicity known by the GNS resolver. - "k" is a 256-bit AES key which is derived as follows. + Given a GNS record block a symmetric encryption scheme is used to + en-/decrypt "BDATA". The keys are derived from the record label "l" + and the public key "P". Both "l" and "P" are implicity known by the + GNS resolver. The key material "K" is derived as follows: 
@@ -172,13 +172,29 @@ Internet-Draft The GNU Name System July 2019 h := SHA512 (l,P) d := h*x mod n - k := HKDF (P,l) + K := HKDF (P,l) "HKDF" is a hash-based key derivation function as defined in [RFC5869]. For the XTR, we use HMAC-SHA512 and HMAC-SHA256 in PRF as - proposed in (paper). Using this HKDF, we derive two symmetric AES - keys "Ka,Kt" from the public key "P" and the record label "l". The - two symmetric keys are used for a AES+TWOFISH combined cipher: + proposed in (paper). Using this HKDF, we derive two symmetric + 256-bit keys "Ka,Kt" from "K": + + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | AES KEY | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | TWOFISH KEY | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + Figure 2 + + The two symmetric keys are used for a AES+TWOFISH combined cipher: RDATA := TWOFISH256(Kt, AES256(Ka, BDATA)) @@ -186,7 +202,31 @@ Internet-Draft The GNU Name System July 2019 The RDATA consist of one or more entries in the following format: - 0 1 2 3 4 5 6 7 + + + + + + + + + + + + + + + + + + + +Schanzenbach Expires 24 January 2020 [Page 4] + +Internet-Draft The GNU Name System July 2019 + + + 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | EXPIRATION | +-----+-----+-----+-----+-----+-----+-----+-----+ @@ -204,11 +244,11 @@ Internet-Draft The GNU Name System July 2019 | | +-----+-----+-----+-----+-----+-----+-----+-----+ - Figure 2 + Figure 3 The a PKEY DATA entry has the following format: - 0 1 2 3 4 5 6 7 + 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | PUBLIC KEY | | | @@ -216,15 +256,7 @@ Internet-Draft The GNU Name System July 2019 | | +-----+-----+-----+-----+-----+-----+-----+-----+ - Figure 3 - - - - -Schanzenbach Expires 24 January 2020 [Page 4] - -Internet-Draft The GNU Name System July 2019 - + Figure 4 2.3. Examples 
@@ -242,6 +274,14 @@ Internet-Draft The GNU Name System July 2019 TODO + + + +Schanzenbach Expires 24 January 2020 [Page 5] + +Internet-Draft The GNU Name System July 2019 + + 3. Record Resolution TODO @@ -277,4 +317,20 @@ Author's Address -Schanzenbach Expires 24 January 2020 [Page 5] + + + + + + + + + + + + + + + + +Schanzenbach Expires 24 January 2020 [Page 6]
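Review bot: in the rewritten opening of 2.1.1 (hunk @@ -157,10 +157,10 @@) the typo "implicity" is carried over from the removed lines into the added ones; it should read "implicitly". The old text also stated the key size ("k" is a 256-bit AES key), whereas the new text only says "The key material "K" is derived as follows"; state the length of "K" here (Figure 2 later shows it as 64 bytes, two 256-bit keys) so a reader does not have to infer it from the figure.

Review bot: in the key-derivation hunk (@@ -172,13 +172,29 @@) the line "K := HKDF (P,l)" does not say which argument is the HKDF salt, which is the IKM, what "info" is, and what output length is requested; given Figure 2 the output length must be 512 bits, and the split "Ka = K[0..31], Kt = K[32..63]" should be stated in text, not only drawn. "For the XTR, we use HMAC-SHA512 and HMAC-SHA256 in PRF" should spell out that extract uses HMAC-SHA512 and expand uses HMAC-SHA256, and "(paper)" is still a placeholder citation. Finally, "RDATA := TWOFISH256(Kt, AES256(Ka, BDATA))" names ciphers and keys but no mode of operation or IV, which an implementer needs to produce interoperable (and non-ECB) output; also "a AES+TWOFISH" should be "an AES+TWOFISH".

Review bot: in the RDATA/PKEY hunk (@@ -186,7 +202,31 @@ and @@ -204,11 +244,11 @@) the sentence "The a PKEY DATA entry has the following format:" has a stray article and should read "A PKEY DATA entry has the following format:". The header row was changed from "0 1 2 3 4 5 6 7" to "0 8 16 24 32 40 48 56" in all figures, which is consistent, but a one-line note that the scale is in bits would help since the rows are 8 bytes wide.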