commit ff5bd38f5ae3298c6d627ec47303c93c0e21373b
parent e5ebe17c915c48d9466790fb76ef4785f9140f1e
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date: Tue, 10 Sep 2019 18:24:23 +0200
update signatures, refs
Diffstat:
2 files changed, 109 insertions(+), 76 deletions(-)
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -63,17 +63,18 @@ Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Resource records . . . . . . . . . . . . . . . . . . . . . . 2
- 3.1. GNS-specific resource record types . . . . . . . . . . . 3
+ 3.1. Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3.2. GNS resource record types . . . . . . . . . . . . . . . . 3
4. Publishing records . . . . . . . . . . . . . . . . . . . . . 4
4.1. Resource records block . . . . . . . . . . . . . . . . . 4
4.1.1. Block data encryption . . . . . . . . . . . . . . . . 6
4.2. Internationalization and Character Encoding . . . . . . . 7
4.3. Security Considerations . . . . . . . . . . . . . . . . . 7
5. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 7
- 6. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 7
- 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
- 8. Normative References . . . . . . . . . . . . . . . . . . . . 7
- Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
+ 6. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 8
+ 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
+ 8. Normative References . . . . . . . . . . . . . . . . . . . . 8
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
@@ -94,7 +95,7 @@ Table of Contents
The schemes defines that "y := x*P". The public key is used to
uniquely identify and refer to the zone. Records published in the
zone are signed using a private key derived from the private key as
- described in Section XX.
+ described in Section 4.
3. Resource records
@@ -108,7 +109,6 @@ Table of Contents
-
Schanzenbach Expires 24 January 2020 [Page 2]
�
Internet-Draft The GNU Name System July 2019
@@ -139,15 +139,19 @@ Internet-Draft The GNU Name System July 2019
order.
TYPE The resource record type. This type can be one of the GNS
- resource records as defined in Section XX or a DNS record type as
+ resource records as defined in Section 3.2 or a DNS record type as
defined in [RFC1035].
- FLAGS Resource record flags. Flags are defined in Section XX.
+ FLAGS Resource record flags. Flags are defined in Section 3.1.
DATA The resource record data payload. The contents are defined by
the respective type of the resource record.
-3.1. GNS-specific resource record types
+3.1. Flags
+
+ TODO flags
+
+3.2. GNS resource record types
The a PKEY DATA entry has the following format:
@@ -159,10 +163,6 @@ Internet-Draft The GNU Name System July 2019
| |
+-----+-----+-----+-----+-----+-----+-----+-----+
- Figure 2
-
-
-
Schanzenbach Expires 24 January 2020 [Page 3]
@@ -170,6 +170,8 @@ Schanzenbach Expires 24 January 2020 [Page 3]
Internet-Draft The GNU Name System July 2019
+ Figure 2
+
4. Publishing records
GNS resource records are published in a distributed hash table (DHT).
@@ -219,8 +221,6 @@ Internet-Draft The GNU Name System July 2019
-
-
Schanzenbach Expires 24 January 2020 [Page 4]
�
Internet-Draft The GNU Name System July 2019
@@ -254,13 +254,15 @@ Internet-Draft The GNU Name System July 2019
where:
- SIGNATURE A 512-bit ECDSA signature. TODO signature creation?
+ SIGNATURE A 512-bit ECDSA signature. This field contains a 512-bit
+ ECDSA signature over the data following the PUBLIC KEY field. The
+ signature is create using the derived private key "d".
PUBLIC KEY The 256-bit ECC public key "d*P" to be used to verify
SIGNATURE.
- BDATA SIZE A 32-bit value containing the length of the encrypted
- resource records in network byte order.
+ BDATA SIZE A 32-bit value containing the length of the following
+ data (PURPOSE, EXPIRATION, BDATA) in network byte order.
PURPOSE A 32-bit signature purpose flag. This field MUST be 15 (in
network byte order).
@@ -271,8 +273,6 @@ Internet-Draft The GNU Name System July 2019
in microseconds since midnight (0 hour), January 1, 1970 in
network byte order.
- BDATA The encrypted resource records with a total size of "BDATA
- SIZE".
@@ -282,6 +282,9 @@ Schanzenbach Expires 24 January 2020 [Page 5]
Internet-Draft The GNU Name System July 2019
+ BDATA The encrypted resource records with a total size of "BDATA
+ SIZE".
+
4.1.1. Block data encryption
Given a GNS record block a symmetric encryption scheme is used to
@@ -320,6 +323,21 @@ Internet-Draft The GNU Name System July 2019
Similarly, we divide "IV" into a 128-bit initialization vector IVaes
and a 128-bit initialization vector IVtwo:
+
+
+
+
+
+
+
+
+
+
+Schanzenbach Expires 24 January 2020 [Page 6]
+�
+Internet-Draft The GNU Name System July 2019
+
+
0 8 16 24 32 40 48 56
+-----+-----+-----+-----+-----+-----+-----+-----+
| AES IV (IVaes) |
@@ -331,18 +349,29 @@ Internet-Draft The GNU Name System July 2019
Figure 5
+ The symmetric keys and IVs are used for a AES+TWOFISH combined
+ cipher. Both ciphers are used in CFB (ref) mode.
+ RDATA := AES(Kaes, IVaes, TWOFISH(Ktwo, IVtwo, BDATA))
+ BDATA := TWOFISH(Ktwo, IVtwo, AES(Kaes, IVaes, RDATA))
-Schanzenbach Expires 24 January 2020 [Page 6]
-�
-Internet-Draft The GNU Name System July 2019
+ The decrypted RDATA has the following format:
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | RR COUNT | RRs |
+ +-----+-----+-----+-----+ /
+ / /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
- The symmetric keys and IVs are used for a AES+TWOFISH combined
- cipher. Both ciphers are used in CFB (ref) mode.
+ Figure 6
- RDATA := AES256(Kaes, IVaes, TWOFISH256(Ktwo, IVtwo, BDATA))
- BDATA := TWOFISH256(Ktwo, IVtwo, AES256(Kaes, IVaes, RDATA))
+ where:
+
+ RR COUNT A 32-bit value containing the number of resource records
+ which are following.
+
+ RR A set of resoure records as defined in Section 3.
4.2. Internationalization and Character Encoding
@@ -356,6 +385,15 @@ Internet-Draft The GNU Name System July 2019
TODO
+
+
+
+
+Schanzenbach Expires 24 January 2020 [Page 7]
+�
+Internet-Draft The GNU Name System July 2019
+
+
6. Namespace Revocation
TODO
@@ -385,15 +423,6 @@ Author's Address
GNUnet e.V.
Boltzmannstrasse 3
85748 Garching
-
-
-
-
-Schanzenbach Expires 24 January 2020 [Page 7]
-�
-Internet-Draft The GNU Name System July 2019
-
-
Germany
Email: schanzen@gnunet.org
@@ -416,33 +445,4 @@ Internet-Draft The GNU Name System July 2019
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Schanzenbach Expires 24 January 2020 [Page 8]
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -63,7 +63,7 @@
The schemes defines that "y := x*P".
The public key is used to uniquely identify and refer to the zone.
Records published in the zone are signed using a private key derived
- from the private key as described in Section XX.
+ from the private key as described in <xref target="publish" />.
</t>
</section>
<section anchor="rrecords" numbered="true" toc="default">
@@ -104,12 +104,12 @@
<dt>TYPE</dt>
<dd>
The resource record type. This type can be one of the GNS resource
- records as defined in Section XX or a DNS record type as defined in
- <xref target="RFC1035" />.
+ records as defined in <xref target="gnsrecords" /> or a DNS record
+ type as defined in <xref target="RFC1035" />.
</dd>
<dt>FLAGS</dt>
<dd>
- Resource record flags. Flags are defined in Section XX.
+ Resource record flags. Flags are defined in <xref target="flags" />.
</dd>
<dt>DATA</dt>
<dd>
@@ -117,8 +117,13 @@
respective type of the resource record.
</dd>
</dl>
+ <section anchor="flags" numbered="true" toc="default">
+ <name>Flags</name>
+
+ <t>TODO flags</t>
+ </section>
<section anchor="gnsrecords" numbered="true" toc="default">
- <name>GNS-specific resource record types</name>
+ <name>GNS resource record types</name>
<t>The a PKEY DATA entry has the following format:</t>
<figure anchor="figure_pkeyrecord">
@@ -210,7 +215,9 @@
<dl>
<dt>SIGNATURE</dt>
<dd>
- A 512-bit ECDSA signature. TODO signature creation?
+ A 512-bit ECDSA signature. This field contains a 512-bit ECDSA
+ signature over the data following the PUBLIC KEY field.
+ The signature is create using the derived private key "d".
</dd>
<dt>PUBLIC KEY</dt>
<dd>
@@ -218,8 +225,8 @@
</dd>
<dt>BDATA SIZE</dt>
<dd>
- A 32-bit value containing the length of the encrypted resource
- records in network byte order.
+ A 32-bit value containing the length of the following data (PURPOSE,
+ EXPIRATION, BDATA) in network byte order.
</dd>
<dt>PURPOSE</dt>
<dd>
@@ -303,9 +310,35 @@
cipher. Both ciphers are used in CFB (ref) mode.
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
- RDATA := AES256(Kaes, IVaes, TWOFISH256(Ktwo, IVtwo, BDATA))
- BDATA := TWOFISH256(Ktwo, IVtwo, AES256(Kaes, IVaes, RDATA))
+ RDATA := AES(Kaes, IVaes, TWOFISH(Ktwo, IVtwo, BDATA))
+ BDATA := TWOFISH(Ktwo, IVtwo, AES(Kaes, IVaes, RDATA))
]]></artwork>
+ <t>
+ The decrypted RDATA has the following format:
+ </t>
+ <figure anchor="figure_rdata">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | RR COUNT | RRs |
+ +-----+-----+-----+-----+ /
+ / /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ <!-- <postamble>which is a very simple example.</postamble>-->
+ </figure>
+ <t>where:</t>
+ <dl>
+ <dt>RR COUNT</dt>
+ <dd>
+ A 32-bit value containing the number of resource records which are
+ following.
+ </dd>
+ <dt>RR</dt>
+ <dd>
+ A set of resoure records as defined in <xref target="rrecords" />.
+ </dd>
+ </dl>
</section>
</section>
