author | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-21 16:25:51 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-21 16:25:51 +0100 |
commit | e05b093608f7af0192c3727538ccab7647b916c8 (patch) | |
tree | e78590892245edec708e92bdd5fa8fd925ef8e7d | |
parent | 6700414feb683725d184dbfc77be1972bc8d3cac (diff) | |
move revocation
-rw-r--r-- | draft-schanzen-gns.xml | 483 |
1 files changed, 242 insertions, 241 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index ff6e2b2..641894b 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1309,6 +1309,248 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1309 | </dl> | 1309 | </dl> |
1310 | </section> | 1310 | </section> |
1311 | </section> | 1311 | </section> |
1312 | <section anchor="revocation" numbered="true" toc="default"> | ||
1313 | <name>Zone Revocation</name> | ||
1314 | <t> | ||
1315 | Whenever a recursive resolver encounters a new GNS zone, it MUST | ||
1316 | check against the local revocation list whether the respective | ||
1317 | zone key has been revoked. If the zone key was revoked, the | ||
1318 | resolution MUST fail with an empty result set. | ||
1319 | </t> | ||
1320 | <t> | ||
1321 | In order to revoke a zone key, a signed revocation object MUST be | ||
1322 | published. | ||
1323 | This object MUST be signed using the private zone key. | ||
1324 | The revocation object is flooded in the overlay network. To prevent | ||
1325 | flooding attacks, the revocation message MUST contain a proof of work | ||
1326 | (PoW). | ||
1327 | The revocation message including the PoW MAY be calculated | ||
1328 | ahead of time to support timely revocation. | ||
1329 | </t> | ||
1330 | <t> | ||
1331 | For all occurences below, "Argon2id" is the Password-based Key | ||
1332 | Derivation Function as defined in <xref target="RFC9106" />. For the | ||
1333 | PoW calculations the algorithm is instantiated with the | ||
1334 | following parameters: | ||
1335 | </t> | ||
1336 | <dl> | ||
1337 | <dt>S</dt> | ||
1338 | <dd>The salt. Fixed 16-byte string: "GnsRevocationPow".</dd> | ||
1339 | <dt>t</dt> | ||
1340 | <dd>Number of iterations: 3</dd> | ||
1341 | <dt>m</dt> | ||
1342 | <dd>Memory size in KiB: 1024</dd> | ||
1343 | <dt>T</dt> | ||
1344 | <dd>Output length of hash in bytes: 64</dd> | ||
1345 | <dt>p</dt> | ||
1346 | <dd>Parallelization parameter: 1</dd> | ||
1347 | <dt>v</dt> | ||
1348 | <dd>Algorithm version: 0x13</dd> | ||
1349 | <dt>y</dt> | ||
1350 | <dd>Algorithm type (Argon2id): 2</dd> | ||
1351 | <dt>X</dt><dd>Unused</dd> | ||
1352 | <dt>K</dt><dd>Unused</dd> | ||
1353 | </dl> | ||
1354 | <t> | ||
1355 | <xref target="figure_revocation"/> illustrates the wire format | ||
1356 | of the message string "P" on which the PoW is calculated. | ||
1357 | </t> | ||
1358 | <figure anchor="figure_revocation"> | ||
1359 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1360 | 0 8 16 24 32 40 48 56 | ||
1361 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1362 | | POW | | ||
1363 | +-----------------------------------------------+ | ||
1364 | | TIMESTAMP | | ||
1365 | +-----------------------------------------------+ | ||
1366 | | ZONE TYPE | PUBLIC ZONE KEY | | ||
1367 | +-----+-----+-----+-----+ | | ||
1368 | / / | ||
1369 | / / | ||
1370 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1371 | ]]></artwork> | ||
1372 | </figure> | ||
1373 | <t>The Wire Format of the PoW Message String.</t> | ||
1374 | <dl> | ||
1375 | <dt>POW</dt> | ||
1376 | <dd> | ||
1377 | A 64-bit solution to the PoW. In network byte order. | ||
1378 | </dd> | ||
1379 | <dt>TIMESTAMP</dt> | ||
1380 | <dd> | ||
1381 | denotes the absolute 64-bit date when the revocation was computed. | ||
1382 | In microseconds since midnight (0 hour), January 1, 1970 in network | ||
1383 | byte order. | ||
1384 | </dd> | ||
1385 | <dt>PUBLIC KEY</dt> | ||
1386 | <dd> | ||
1387 | is the 256-bit public key zk of the zone which is being revoked and | ||
1388 | the key to be used to verify SIGNATURE. The | ||
1389 | wire format of this value is defined in <xref target="RFC8032" />, | ||
1390 | Section 5.1.5. | ||
1391 | </dd> | ||
1392 | </dl> | ||
1393 | <t> | ||
1394 | Traditionally, PoW schemes require to find a POW such that | ||
1395 | at least D leading zeroes are found in the hash result. | ||
1396 | D is then referred to as the difficulty of the PoW. | ||
1397 | In order to reduce the variance in time it takes to calculate the | ||
1398 | PoW, we require that a number Z different PoWs must be | ||
1399 | found that on average have D leading zeroes. | ||
1400 | </t> | ||
1401 | <t> | ||
1402 | The resulting proofs may then published and disseminated. The concrete | ||
1403 | dissemination and publication methods are out of scope of this | ||
1404 | document. Given an average difficulty of D, the proofs have an | ||
1405 | expiration time of EPOCH. With each additional bit difficulty, the | ||
1406 | lifetime of the proof is prolonged for another EPOCH. | ||
1407 | Consequently, by calculating a more difficult PoW, the lifetime of the | ||
1408 | proof can be increased on demand by the zone owner. | ||
1409 | </t> | ||
1410 | <t> | ||
1411 | The parameters are defined as follows: | ||
1412 | </t> | ||
1413 | <dl> | ||
1414 | <dt>Z</dt> | ||
1415 | <dd>The number of PoWs required is fixed at 32.</dd> | ||
1416 | <dt>D</dt> | ||
1417 | <dd>The difficulty is fixed at 22.</dd> | ||
1418 | <dt>EPOCH</dt> | ||
1419 | <dd>A single epoch is fixed at 365 days.</dd> | ||
1420 | </dl> | ||
1421 | <t> | ||
1422 | The revocation message wire format is illustrated in | ||
1423 | <xref target="figure_revocationdata"/>. | ||
1424 | </t> | ||
1425 | <figure anchor="figure_revocationdata"> | ||
1426 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1427 | 0 8 16 24 32 40 48 56 | ||
1428 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1429 | | TIMESTAMP | | ||
1430 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1431 | | TTL | | ||
1432 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1433 | | POW_0 | | ||
1434 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1435 | | ... | | ||
1436 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1437 | | POW_Z-1 | | ||
1438 | +-----------------------------------------------+ | ||
1439 | | ZONE TYPE | PUBLIC ZONE KEY | | ||
1440 | +-----+-----+-----+-----+ | | ||
1441 | / / | ||
1442 | / / | ||
1443 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1444 | | SIGNATURE | | ||
1445 | / / | ||
1446 | / / | ||
1447 | | | | ||
1448 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1449 | ]]></artwork> | ||
1450 | </figure> | ||
1451 | <t>The Revocation Message Wire Format.</t> | ||
1452 | <dl> | ||
1453 | <dt>TIMESTAMP</dt> | ||
1454 | <dd> | ||
1455 | denotes the absolute 64-bit date when the revocation was computed. | ||
1456 | In microseconds since midnight (0 hour), January 1, 1970 in network | ||
1457 | byte order. This is the same value as the timestamp used in the | ||
1458 | individual PoW calculations. | ||
1459 | </dd> | ||
1460 | <dt>TTL</dt> | ||
1461 | <dd> | ||
1462 | denotes the relative 64-bit time to live of of the record in | ||
1463 | microseconds also in network byte order. This field is informational | ||
1464 | for a verifier. The verifier may discard revocation if the TTL | ||
1465 | indicates that it is already expired. However, the actual TTL of the | ||
1466 | revocation must be determined by examining the leading zeros in the | ||
1467 | proof of work calculation. | ||
1468 | </dd> | ||
1469 | <dt>POW_i</dt> | ||
1470 | <dd> | ||
1471 | The values calculated as part of the PoW, in network byte order. | ||
1472 | Each POW_i MUST be unique in the set of POW values. | ||
1473 | To facilitate fast verification | ||
1474 | of uniqueness, the POW values must be given in strictly | ||
1475 | monotonically increasing order in the message. | ||
1476 | </dd> | ||
1477 | <dt>ZONE TYPE</dt> | ||
1478 | <dd> | ||
1479 | The 32-bit zone type corresponding to the zone public key. | ||
1480 | </dd> | ||
1481 | <dt>ZONE PUBLIC KEY</dt> | ||
1482 | <dd> | ||
1483 | is the public key zk of the zone which is being revoked and | ||
1484 | the key to be used to verify SIGNATURE. | ||
1485 | </dd> | ||
1486 | <dt>SIGNATURE</dt> | ||
1487 | <dd> | ||
1488 | A signature over a timestamp and the public zone zk of the zone | ||
1489 | which is revoked and corresponds to the key used in the PoW. | ||
1490 | The signature is created using the Sign() function of | ||
1491 | the cryptosystem of the zone and the private zone key | ||
1492 | (see <xref target="zone_types" />). | ||
1493 | </dd> | ||
1494 | </dl> | ||
1495 | <t> | ||
1496 | The signature over the public key covers a 32-bit pseudo header | ||
1497 | conceptually prefixed to the public key. The pseudo header includes | ||
1498 | the key length and signature purpose. The wire format is illustrated | ||
1499 | in <xref target="figure_revsigwithpseudo"/>. | ||
1500 | </t> | ||
1501 | <figure anchor="figure_revsigwithpseudo"> | ||
1502 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1503 | 0 8 16 24 32 40 48 56 | ||
1504 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1505 | | SIZE (0x30) | PURPOSE (0x03) | | ||
1506 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1507 | | TIMESTAMP | | ||
1508 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1509 | | ZONE TYPE | ZONE PUBLIC KEY | | ||
1510 | +-----+-----+-----+-----+ | | ||
1511 | / / | ||
1512 | / / | ||
1513 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1514 | ]]></artwork> | ||
1515 | </figure> | ||
1516 | <t>The Wire Format of the Revocation Data for Signing.</t> | ||
1517 | <dl> | ||
1518 | <dt>SIZE</dt> | ||
1519 | <dd> | ||
1520 | A 32-bit value containing the length of the signed data in bytes | ||
1521 | in network byte order. | ||
1522 | </dd> | ||
1523 | <dt>PURPOSE</dt> | ||
1524 | <dd> | ||
1525 | A 32-bit signature purpose flag. This field MUST be 3 (in network | ||
1526 | byte order). | ||
1527 | </dd> | ||
1528 | <dt>ZONE TYPE</dt> | ||
1529 | <dd> | ||
1530 | The 32-bit zone type corresponding to the zone public key. | ||
1531 | </dd> | ||
1532 | <dt>ZONE PUBLIC KEY / TIMESTAMP</dt> | ||
1533 | <dd>Both values as defined in the revocation data object above.</dd> | ||
1534 | </dl> | ||
1535 | <t> | ||
1536 | In order to verify a revocation the following steps must be taken, | ||
1537 | in order: | ||
1538 | </t> | ||
1539 | <ol> | ||
1540 | <li>The current time MUST be between TIMESTAMP and | ||
1541 | TIMESTAMP+TTL.</li> | ||
1542 | <li>The signature MUST match the public key.</li> | ||
1543 | <li>The set of POW values MUST NOT contain duplicates.</li> | ||
1544 | <li>The average number of leading zeroes resulting from the provided | ||
1545 | POW values D' MUST be greater than D.</li> | ||
1546 | <li>The validation period (TTL) of the revocation is calculated as | ||
1547 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by | ||
1548 | 10% in order to deal with unsynchronized clocks. | ||
1549 | The TTL added on top of the TIMESTAMP yields the | ||
1550 | expiration date.</li> | ||
1551 | </ol> | ||
1552 | </section> | ||
1553 | |||
1312 | <section anchor="resolution" numbered="true" toc="default"> | 1554 | <section anchor="resolution" numbered="true" toc="default"> |
1313 | <name>Name Resolution</name> | 1555 | <name>Name Resolution</name> |
1314 | <t> | 1556 | <t> |
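Review bot: In the verification steps (new lines 1540-1550), step 1 checks the current time against TIMESTAMP+TTL before step 5 derives the TTL, while the TTL field description (new lines 1462-1467) calls the field informational and says the actual TTL must be determined from the leading zeros. State which TTL step 1 uses, or move the time check after the TTL calculation. Step 4 requires D' to be greater than D and step 5 gives (D'-D) * EPOCH * 1.1, so an average difficulty of exactly D yields no validity, which does not match "Given an average difficulty of D, the proofs have an expiration time of EPOCH" at new lines 1404-1405. Since the text is being moved anyway, also fix "32-bit pseudo header" at new line 1496 (the figure shows two 32-bit fields, SIZE and PURPOSE) and the typos "occurences", "may then published" and "of of".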
@@ -1666,247 +1908,6 @@ NICK: john (Supplemental) | |||
1666 | </section> | 1908 | </section> |
1667 | </section> | 1909 | </section> |
1668 | </section> | 1910 | </section> |
1669 | <section anchor="revocation" numbered="true" toc="default"> | ||
1670 | <name>Zone Revocation</name> | ||
1671 | <t> | ||
1672 | Whenever a recursive resolver encounters a new GNS zone, it MUST | ||
1673 | check against the local revocation list whether the respective | ||
1674 | zone key has been revoked. If the zone key was revoked, the | ||
1675 | resolution MUST fail with an empty result set. | ||
1676 | </t> | ||
1677 | <t> | ||
1678 | In order to revoke a zone key, a signed revocation object MUST be | ||
1679 | published. | ||
1680 | This object MUST be signed using the private zone key. | ||
1681 | The revocation object is flooded in the overlay network. To prevent | ||
1682 | flooding attacks, the revocation message MUST contain a proof of work | ||
1683 | (PoW). | ||
1684 | The revocation message including the PoW MAY be calculated | ||
1685 | ahead of time to support timely revocation. | ||
1686 | </t> | ||
1687 | <t> | ||
1688 | For all occurences below, "Argon2id" is the Password-based Key | ||
1689 | Derivation Function as defined in <xref target="RFC9106" />. For the | ||
1690 | PoW calculations the algorithm is instantiated with the | ||
1691 | following parameters: | ||
1692 | </t> | ||
1693 | <dl> | ||
1694 | <dt>S</dt> | ||
1695 | <dd>The salt. Fixed 16-byte string: "GnsRevocationPow".</dd> | ||
1696 | <dt>t</dt> | ||
1697 | <dd>Number of iterations: 3</dd> | ||
1698 | <dt>m</dt> | ||
1699 | <dd>Memory size in KiB: 1024</dd> | ||
1700 | <dt>T</dt> | ||
1701 | <dd>Output length of hash in bytes: 64</dd> | ||
1702 | <dt>p</dt> | ||
1703 | <dd>Parallelization parameter: 1</dd> | ||
1704 | <dt>v</dt> | ||
1705 | <dd>Algorithm version: 0x13</dd> | ||
1706 | <dt>y</dt> | ||
1707 | <dd>Algorithm type (Argon2id): 2</dd> | ||
1708 | <dt>X</dt><dd>Unused</dd> | ||
1709 | <dt>K</dt><dd>Unused</dd> | ||
1710 | </dl> | ||
1711 | <t> | ||
1712 | <xref target="figure_revocation"/> illustrates the wire format | ||
1713 | of the message string "P" on which the PoW is calculated. | ||
1714 | </t> | ||
1715 | <figure anchor="figure_revocation"> | ||
1716 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1717 | 0 8 16 24 32 40 48 56 | ||
1718 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1719 | | POW | | ||
1720 | +-----------------------------------------------+ | ||
1721 | | TIMESTAMP | | ||
1722 | +-----------------------------------------------+ | ||
1723 | | ZONE TYPE | PUBLIC ZONE KEY | | ||
1724 | +-----+-----+-----+-----+ | | ||
1725 | / / | ||
1726 | / / | ||
1727 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1728 | ]]></artwork> | ||
1729 | </figure> | ||
1730 | <t>The Wire Format of the PoW Message String.</t> | ||
1731 | <dl> | ||
1732 | <dt>POW</dt> | ||
1733 | <dd> | ||
1734 | A 64-bit solution to the PoW. In network byte order. | ||
1735 | </dd> | ||
1736 | <dt>TIMESTAMP</dt> | ||
1737 | <dd> | ||
1738 | denotes the absolute 64-bit date when the revocation was computed. | ||
1739 | In microseconds since midnight (0 hour), January 1, 1970 in network | ||
1740 | byte order. | ||
1741 | </dd> | ||
1742 | <dt>PUBLIC KEY</dt> | ||
1743 | <dd> | ||
1744 | is the 256-bit public key zk of the zone which is being revoked and | ||
1745 | the key to be used to verify SIGNATURE. The | ||
1746 | wire format of this value is defined in <xref target="RFC8032" />, | ||
1747 | Section 5.1.5. | ||
1748 | </dd> | ||
1749 | </dl> | ||
1750 | <t> | ||
1751 | Traditionally, PoW schemes require to find a POW such that | ||
1752 | at least D leading zeroes are found in the hash result. | ||
1753 | D is then referred to as the difficulty of the PoW. | ||
1754 | In order to reduce the variance in time it takes to calculate the | ||
1755 | PoW, we require that a number Z different PoWs must be | ||
1756 | found that on average have D leading zeroes. | ||
1757 | </t> | ||
1758 | <t> | ||
1759 | The resulting proofs may then published and disseminated. The concrete | ||
1760 | dissemination and publication methods are out of scope of this | ||
1761 | document. Given an average difficulty of D, the proofs have an | ||
1762 | expiration time of EPOCH. With each additional bit difficulty, the | ||
1763 | lifetime of the proof is prolonged for another EPOCH. | ||
1764 | Consequently, by calculating a more difficult PoW, the lifetime of the | ||
1765 | proof can be increased on demand by the zone owner. | ||
1766 | </t> | ||
1767 | <t> | ||
1768 | The parameters are defined as follows: | ||
1769 | </t> | ||
1770 | <dl> | ||
1771 | <dt>Z</dt> | ||
1772 | <dd>The number of PoWs required is fixed at 32.</dd> | ||
1773 | <dt>D</dt> | ||
1774 | <dd>The difficulty is fixed at 22.</dd> | ||
1775 | <dt>EPOCH</dt> | ||
1776 | <dd>A single epoch is fixed at 365 days.</dd> | ||
1777 | </dl> | ||
1778 | <t> | ||
1779 | The revocation message wire format is illustrated in | ||
1780 | <xref target="figure_revocationdata"/>. | ||
1781 | </t> | ||
1782 | <figure anchor="figure_revocationdata"> | ||
1783 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1784 | 0 8 16 24 32 40 48 56 | ||
1785 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1786 | | TIMESTAMP | | ||
1787 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1788 | | TTL | | ||
1789 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1790 | | POW_0 | | ||
1791 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1792 | | ... | | ||
1793 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1794 | | POW_Z-1 | | ||
1795 | +-----------------------------------------------+ | ||
1796 | | ZONE TYPE | PUBLIC ZONE KEY | | ||
1797 | +-----+-----+-----+-----+ | | ||
1798 | / / | ||
1799 | / / | ||
1800 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1801 | | SIGNATURE | | ||
1802 | / / | ||
1803 | / / | ||
1804 | | | | ||
1805 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1806 | ]]></artwork> | ||
1807 | </figure> | ||
1808 | <t>The Revocation Message Wire Format.</t> | ||
1809 | <dl> | ||
1810 | <dt>TIMESTAMP</dt> | ||
1811 | <dd> | ||
1812 | denotes the absolute 64-bit date when the revocation was computed. | ||
1813 | In microseconds since midnight (0 hour), January 1, 1970 in network | ||
1814 | byte order. This is the same value as the timestamp used in the | ||
1815 | individual PoW calculations. | ||
1816 | </dd> | ||
1817 | <dt>TTL</dt> | ||
1818 | <dd> | ||
1819 | denotes the relative 64-bit time to live of of the record in | ||
1820 | microseconds also in network byte order. This field is informational | ||
1821 | for a verifier. The verifier may discard revocation if the TTL | ||
1822 | indicates that it is already expired. However, the actual TTL of the | ||
1823 | revocation must be determined by examining the leading zeros in the | ||
1824 | proof of work calculation. | ||
1825 | </dd> | ||
1826 | <dt>POW_i</dt> | ||
1827 | <dd> | ||
1828 | The values calculated as part of the PoW, in network byte order. | ||
1829 | Each POW_i MUST be unique in the set of POW values. | ||
1830 | To facilitate fast verification | ||
1831 | of uniqueness, the POW values must be given in strictly | ||
1832 | monotonically increasing order in the message. | ||
1833 | </dd> | ||
1834 | <dt>ZONE TYPE</dt> | ||
1835 | <dd> | ||
1836 | The 32-bit zone type corresponding to the zone public key. | ||
1837 | </dd> | ||
1838 | <dt>ZONE PUBLIC KEY</dt> | ||
1839 | <dd> | ||
1840 | is the public key zk of the zone which is being revoked and | ||
1841 | the key to be used to verify SIGNATURE. | ||
1842 | </dd> | ||
1843 | <dt>SIGNATURE</dt> | ||
1844 | <dd> | ||
1845 | A signature over a timestamp and the public zone zk of the zone | ||
1846 | which is revoked and corresponds to the key used in the PoW. | ||
1847 | The signature is created using the Sign() function of | ||
1848 | the cryptosystem of the zone and the private zone key | ||
1849 | (see <xref target="zone_types" />). | ||
1850 | </dd> | ||
1851 | </dl> | ||
1852 | <t> | ||
1853 | The signature over the public key covers a 32-bit pseudo header | ||
1854 | conceptually prefixed to the public key. The pseudo header includes | ||
1855 | the key length and signature purpose. The wire format is illustrated | ||
1856 | in <xref target="figure_revsigwithpseudo"/>. | ||
1857 | </t> | ||
1858 | <figure anchor="figure_revsigwithpseudo"> | ||
1859 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1860 | 0 8 16 24 32 40 48 56 | ||
1861 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1862 | | SIZE (0x30) | PURPOSE (0x03) | | ||
1863 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1864 | | TIMESTAMP | | ||
1865 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1866 | | ZONE TYPE | ZONE PUBLIC KEY | | ||
1867 | +-----+-----+-----+-----+ | | ||
1868 | / / | ||
1869 | / / | ||
1870 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1871 | ]]></artwork> | ||
1872 | </figure> | ||
1873 | <t>The Wire Format of the Revocation Data for Signing.</t> | ||
1874 | <dl> | ||
1875 | <dt>SIZE</dt> | ||
1876 | <dd> | ||
1877 | A 32-bit value containing the length of the signed data in bytes | ||
1878 | in network byte order. | ||
1879 | </dd> | ||
1880 | <dt>PURPOSE</dt> | ||
1881 | <dd> | ||
1882 | A 32-bit signature purpose flag. This field MUST be 3 (in network | ||
1883 | byte order). | ||
1884 | </dd> | ||
1885 | <dt>ZONE TYPE</dt> | ||
1886 | <dd> | ||
1887 | The 32-bit zone type corresponding to the zone public key. | ||
1888 | </dd> | ||
1889 | <dt>ZONE PUBLIC KEY / TIMESTAMP</dt> | ||
1890 | <dd>Both values as defined in the revocation data object above.</dd> | ||
1891 | </dl> | ||
1892 | <t> | ||
1893 | In order to verify a revocation the following steps must be taken, | ||
1894 | in order: | ||
1895 | </t> | ||
1896 | <ol> | ||
1897 | <li>The current time MUST be between TIMESTAMP and | ||
1898 | TIMESTAMP+TTL.</li> | ||
1899 | <li>The signature MUST match the public key.</li> | ||
1900 | <li>The set of POW values MUST NOT contain duplicates.</li> | ||
1901 | <li>The average number of leading zeroes resulting from the provided | ||
1902 | POW values D' MUST be greater than D.</li> | ||
1903 | <li>The validation period (TTL) of the revocation is calculated as | ||
1904 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by | ||
1905 | 10% in order to deal with unsynchronized clocks. | ||
1906 | The TTL added on top of the TIMESTAMP yields the | ||
1907 | expiration date.</li> | ||
1908 | </ol> | ||
1909 | </section> | ||
1910 | <section anchor="encoding" numbered="true" toc="default"> | 1911 | <section anchor="encoding" numbered="true" toc="default"> |
1911 | <name>Internationalization and Character Encoding</name> | 1912 | <name>Internationalization and Character Encoding</name> |
1912 | <t> | 1913 | <t> |
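Review bot: The commit message "move revocation" does not say why the Zone Revocation section leaves its position before "Internationalization and Character Encoding" (old lines 1669-1909); add a sentence of rationale. The removed text matches what the first hunk adds ahead of "Name Resolution", so the section's opening requirement on a "recursive resolver" now appears before the Name Resolution section; check that the term is introduced earlier in the draft or add a forward reference. The anchor "revocation" is unchanged in both places, so existing xref targets should still resolve.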