
gns.tex (7959B)


      1 \documentclass[aspectratio=169]{beamer}
      2 \usepackage{appendixnumberbeamer}
      3 \usepackage{mathtools}
      4 \usetheme{metropolis}           % Use metropolis theme
      5 \definecolor{fhggreen}{RGB}{23,156,125}
      6 \let\oldemph\textbf
      7 \renewcommand{\textbf}[1]{{\color{mLightBrown}\oldemph{#1}}}
      8 
      9 \usepackage{blkarray}
     10 \usepackage{amsmath}
     11 \usepackage{multirow}
     12 \title{\includegraphics[width=0.2\textwidth]{gns-logo.png}\\\small{The GNU Name System}}
     13 \date{2023-09-27}
     14 \author{Bernd Fix, Christian Grothoff, \textbf{Martin Schanzenbach}}
     15 %\institute{\includegraphics[width=.25\textwidth]{aisec_logo.pdf}}
     16 
     17 \graphicspath{{figures/}}
     18 
     19 \begin{document}
     20 \metroset{block=fill,sectionpage=progressbar,numbering=counter}
     21 \maketitle
     22 
     23 \begin{frame}{Directories / DNS}
     24   $$
     25     \mathrlap{\overbrace{\phantom{\text{www}}}^{\text{Label}}}
     26     \text{www}
     27     \mathrlap{\underbrace{{\color{fhggreen}\phantom{\text{.example.com}}}}_{\text{Namespace}}}
     28     {\color{fhggreen}\text{.example.com}}
     29   $$
     30 \end{frame}
     31 
     32 \begin{frame}{The .alt TLD}
     33   What's wrong with DNS? See RFC~8324\footnote{DNS Privacy, Authorization, Special Uses, Encoding, Characters,
     34           Matching, and Root Structure: Time for Another Look?}:
     35   \begin{itemize}
     36     \item No \textbf{query privacy}.
     37     \item A \textbf{single hierarchy with a centrally controlled root}.
     38     \item Requires management/maintenance of \textbf{root servers}.
     39     \item etc\ldots
     40   \end{itemize}
     41   DNSSEC and other ``patches'' do not, or only inadequately, address the issues: ``[the existing solutions for DNS are] security patches rather than designed-in
     42    security or privacy mechanisms''.
     43 \end{frame}
     44 
     45 \begin{frame}{Directories / GNS}
     46   $$
     47     \mathrlap{\overbrace{\phantom{\text{www}}}^{\text{Label}}}
     48     \text{www}
     49     \mathrlap{\underbrace{{\color{fhggreen}\phantom{\text{.myzone.gns.alt}}}}_{\text{Namespace}}}
     50     {\color{fhggreen}\text{.myzone.gns.alt}}
     51   $$
     52 \end{frame}
     53 
     54 \begin{frame}{The .alt TLD}
     55   Why ``.gns.alt''?
     56   \begin{itemize}
     57     \item RFC~9476: ``The .alt Special-Use Top-Level Domain'' defines the TLD to be used for alternative (from the point of view of DNS) name systems.
     58     \item RFC~9476 does \textbf{not} define a registry for ``.alt'' subdomains.
     59     \item We manage a ``.alt'' registry at \url{https://gana.gnunet.org}\footnote{If you ever need a registry for your protocol, feel free to approach us!}, which already includes a code point for ``.gns.alt''.
     60     \item To prevent shadowing of DNS names, it is recommended to use the ``.gns.alt'' suffix.
     61     \item Sometimes (e.g.\ for censorship overrides) you may not want to do that; the name then deliberately shadows its DNS counterpart.
     62   \end{itemize}
     63 \end{frame}
     64 
     65 \begin{frame}{The GNU Name System}
     66   \begin{itemize}
     67     \item Namespaces are created and uniquely identified using \textbf{public zone keys}.
     68     \item \textbf{Records} are grouped by \textbf{label}, encrypted, signed, and published in a key-value store (usually, a DHT\footnote{\url{https://datatracker.ietf.org/doc/draft-schanzen-r5n/}}).
     69     \item Supported zone types and crypto (for now):
     70       \begin{itemize}
     71         \item PKEY: ECDSA+CTR-AES-256
     72         \item EDKEY: EdDSA+XSalsa20-Poly1305
     73       \end{itemize}
     74   \end{itemize}
     75   \centering
     76   \includegraphics[width=1\textwidth]{GNS-BlockCreation-0}
     77 \end{frame}
     78 
     79 \begin{frame}{Zone management}
     80   \includegraphics[height=0.9\textheight]{deleg0.pdf}
     81 \end{frame}
     82 
     83 
     84 \begin{frame}{Name resolution}
     85   \includegraphics[height=0.9\textheight]{deleg1.pdf}
     86 \end{frame}
     87 
     88 
     89 \begin{frame}{Name resolution}
     90   \includegraphics[height=0.9\textheight]{deleg2.pdf}
     91 \end{frame}
     92 
     93 
     94 \begin{frame}{How do we bootstrap the top-level zones?}
     95   \includegraphics[height=0.9\textheight]{deleg3.pdf}
     96 \end{frame}
     97 
     98 
     99 \begin{frame}[fragile]{The Start Zone}
    100   ``Hyper-hyper local root'' concept we call the \textbf{Start Zone}:
    101   \begin{itemize}
    102     \item Start Zone contains so-called \textbf{suffix-to-zone} mappings.
    103     \item Implementation ships with an \emph{initial} Start Zone configuration.
    104     \item Start Zone is configurable \emph{locally} at \emph{each} endpoint, so each endpoint decides which zone keys it trusts as roots.
    105     \item User override/extension of mappings at top-level or subdomain-level for:
    106       \begin{itemize}
    107         \item Censorship circumvention, if necessary.
    108         \item Private networks.
    109       \end{itemize}
    110   \end{itemize}
    111 \end{frame}
    112 
    113 \begin{frame}[fragile]{The Start Zone}
    114   Example suffix-to-zone mappings:
    115   \begin{small}
    116   \begin{verbatim}
    117 # Some TLDs
    118 .com = 000G001MF6DVMZZ4Y8XRZQDXM1PB3D3VGEK29ZHXBA57EPSNW1QBPKT8J0
    119 .myzone.gns.alt = 000G007FKSA876G6SNDF8VA7YK1DJE96RPPBHRT2X55Q13M2T4YKNYT3DG
    120 # Some subdomain overrides
    121 .gnu.org = 000G001223Q8ZJZBSK6XT2DWV6PE5B1W436D2NB7ZBR9XSXT7TFJHCDB24
    122 .gnunet.gns.alt = 000G0047M3HN599H57MPXZK4VB59SWK4M9NRD68E1JQFY3RWAHDMKAPN30
    123   \end{verbatim}
    124   \end{small}
    125 \end{frame}
    126 
    127 
    128 \begin{frame}{Possible Governance Models}
    129   \begin{itemize}
    130     \item Non-profit organization.
    131     \item Multi-stakeholder model: Board, supporting organizations, \ldots
    132     \item Examples for possible stakeholders:
    133       \begin{itemize}
    134         \item Software and OS Distributors
    135         \item Browser vendors
    136         \item Governments
    137       \end{itemize}
    138     \item Funding options:
    139       \begin{itemize}
    140         \item Applications for new top-level domains.
    141         \item Registrations of new top-level domains.
    142         \item \ldots
    143       \end{itemize}
    144   \end{itemize}
    145 \end{frame}
    146 
    147 \begin{frame}{Hiding information inside GNS}
    148   \begin{itemize}
    149     \item GNS's crypto allows you to hide resource records.
    150     \item It requires either
    151       \begin{itemize}
    152         \item the use of a label with sufficient entropy (a shared secret) or
    153         \item the use of a secret zone.
    154       \end{itemize}
    155   \end{itemize}
    156   $$
    157     \mathrlap{\overbrace{\phantom{\text{ohcoxaiehaingahd}}}^{\text{Secret label}}}
    158     \text{ohcoxaiehaingahd}
    159     \mathrlap{\underbrace{{\color{fhggreen}\phantom{\text{.my.zone}}}}_{\text{Namespace}}}
    160     {\color{fhggreen}\text{.my.zone}}
    161   $$
    162 \end{frame}
    163 
    164 
    165 \begin{frame}{Encrypt}
    166   \centering
    167   \includegraphics[width=1\textwidth]{GNS-BlockCreation-1}
    168 \end{frame}
    169 
    170 \begin{frame}{Sign}
    171   \centering
    172   \includegraphics[height=0.9\textheight]{GNS-BlockCreation-2}
    173 \end{frame}
    174 
    175 \begin{frame}{Derive}
    176   \centering
    177   \includegraphics[height=0.9\textheight]{GNS-BlockCreation-3}
    178 \end{frame}
    179 
    180 \begin{frame}{Combine and publish}
    181   \centering
    182   \includegraphics[width=1\textwidth]{GNS-BlockCreation-4}
    183 \end{frame}
    184 
    185 \begin{frame}{Query}
    186   \centering
    187   \includegraphics[height=0.9\textheight]{GNS-BlockValidation-0}
    188 \end{frame}
    189 
    190 \begin{frame}{Retrieve}
    191   \centering
    192   \includegraphics[height=0.9\textheight]{GNS-BlockValidation-1}
    193 \end{frame}
    194 
    195 \begin{frame}{Verify}
    196   \centering
    197   \includegraphics[height=0.9\textheight]{GNS-BlockValidation-2}
    198 \end{frame}
    199 
    200 \begin{frame}{Decrypt}
    201   \centering
    202   \includegraphics[height=0.9\textheight]{GNS-BlockValidation-3}
    203 \end{frame}
    204 
    205 \begin{frame}{Decrypt}
    206   \centering
    207   \includegraphics[height=0.9\textheight]{GNS-BlockValidation-4}
    208 \end{frame}
    209 
    210 \begin{frame}{Status}
    211   \begin{itemize}
    212     \item Specification efforts:
    213       \begin{itemize}
    214         \item \url{https://datatracker.ietf.org/doc/draft-schanzen-gns/} -- Will become RFC soon (TM).
    215         \item \url{https://datatracker.ietf.org/doc/draft-schanzen-r5n/} -- Is being worked on.
    216       \end{itemize}
    217     \item Reference implementation in C (part of GNUnet), alternative implementation in Go.
    218     \item Ongoing project, funded through NLnet / NGI Zero Entrust, to develop and host a GNS zone registrar service and to mirror some (large) DNS zones.
    219     \item Current and future research:
    220       \begin{itemize}
    221         \item PQ-secure key blinding.
    222         \item Sharing identity information via GNS (re:claimID).
    223       \end{itemize}
    224   \end{itemize}
    225 \end{frame}
    226 
    227 
    228 \begin{frame}
    229   \begin{center}
    230     Questions?\\
    231     \vspace{2cm}
    232     \url{https://gnunet.org}\\
    233     \vspace{1em}
    234     {\tiny
    235     \texttt{schanzen@gnu.org}\\
    236     \texttt{3D11~063C~10F9~8D14~BD24~D147~0B09~98EF~86F5~9B6A}\\
    237     }
    238   \end{center}
    239 \end{frame}
    240 
    241 \end{document}