more

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-09-06 10:51:46 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-09-06 10:51:46 +0200
commit: 495b02b508e08477eb8e2aaa06fdbd0ea92ecfee (patch)
tree: 105d18ce7eda6427c161d833980d718759cf1cb2 /draft-schanzen-gns.xml
parent: 91d8559eb5b5202fa7ba0e755511ac66c0710261 (diff)
download: lsd0001-495b02b508e08477eb8e2aaa06fdbd0ea92ecfee.tar.gz
lsd0001-495b02b508e08477eb8e2aaa06fdbd0ea92ecfee.zip
1 files changed, 32 insertions, 18 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 25530b6..65c7113 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -136,14 +136,21 @@
       A zone in GNS is defined by a public/private key pair (d,zk),
       where d is the private key and zk the corresponding public key.
       The contents of a zone are cryptographically signed before
-       publishing. Instead of the zone private key "d", the signature MUST
+       being published a Distributed Hash Table (DHT).
+       Records are grouped by their label and encrypted (<xref target="recordencryption"/>)
+       using an encryption key derived from the label and the zone public key.
+       Instead of the zone private key "d", the signature MUST
       be created using a blinded public/private key pair d' and zk'.
       This blinding is realized using a Hierarchical Deterministic Key
       Derivation (HDKD) scheme.
-       Such a scheme allows the zone owner to derivate a private d' and a
+       Such a scheme allows the zone owner to derive a private d' and a
       resolver to derive the corresponding public key zk' in a deterministic
       manner from the original public and private zone keys as well as a
-       label.
+       label. This feature prevents zone enumeration and requires knowledge
+       of both "zk" and the queried label to confirm affiliation with a
+       specific zone. At the same time, the blinded "zk'" provides nodes
+       with the ability to verifiy the integrity of the published information
+       without disclosing the originating zone.
     </t>
     <t>
       The following primitives define a zone in GNS:
@@ -177,12 +184,14 @@
         is a HDKD function which blinds a public zone key "zk" of the
         respective type.
       </dd>
-       <dt>TLD(zk) -> zkl</dt>
+       <dt>NameSuffix(ztype, zk) -> zkl</dt>
       <dd>
         is a function which defines a mapping from zone public key to
         a string "zkl" of the respective type.
-         It is string which encodes the "ztype" as well as the zone
+         It is a string which encodes the "ztype" as well as the zone
-         key "zk" into one or more labels.
+         key "zk" into one or more labels. The "zkl" is used as a
+         globally unique reference to a specific namespace in the
+         process of name resolution.
       </dd>
     </dl>
     <t>
@@ -763,7 +772,7 @@ q := SHA512 (HDKD-Public(zk, label))
 |                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |       ZONE TYPE       |    PUBLIC ZONE KEY    |
-+-----+-----+-----+-----+                       |
+-----+-----+-----+-----+       (BLINDED)       |
 /                                               /
 /                                               /
 |                                               |
@@ -784,12 +793,17 @@ q := SHA512 (HDKD-Public(zk, label))
         <dd>
           The signature is computed over the data following
           the PUBLIC KEY field.
-           The signature is created using the derived private key "d'" (see
+           The signature is created using the derived private key
-           <xref target="zone_types" />).
+           "HDKD-Private(d, label)" (see <xref target="zone_types" />).
         </dd>
-         <dt>PUBLIC KEY</dt>
+         <dt>ZONE TYPE</dt>
+         <dd>
+           is the 32-bit zone type.
+         </dd>
+         <dt>ZONE PUBLIC KEY</dt>
         <dd>
-           is the public key "zk'" to be used to verify SIGNATURE.
+           is the blinded public zone key "HDKD-Public(zk, label)"
+           to be used to verify SIGNATURE.
         </dd>
         <dt>SIZE</dt>
         <dd>
@@ -1512,15 +1526,15 @@ NICK: john (Supplemental)
   particular application requires a different process.
       </t>
       <t>
-         GNS clients SHOULD first try to interpret the top-level domain of
+         GNS clients MUST first try to interpret the top-level domain of
-         a GNS name as a zone key.
+         a GNS name as a zone key representation "zkl := NameSuffix(ztype, zk)".
-         For example. if the top-level domain is a label representation of
+         If the top-level domain is indicated to be a label representation of
-         a public zone key "zkl", the root zone of the resolution process
+         a public zone key with a well-defined "ztype" value, the root zone of
-         is implicitly given by the name:
+         the resolution process is implicitly given by the suffic of the name:
       </t>
       <artwork name="" type="" align="left" alt=""><![CDATA[
-Example name: www.example.<zkl>
+Example name: www.example.<NameSuffix(ztype, zk)>
-=> Root zone: zk
+=> Root zone: zk of type ztype
 => Name to resolve from root zone: www.example
         ]]></artwork>
       <t>
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-09-06 10:51:46 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-09-06 10:51:46 +0200
commit	495b02b508e08477eb8e2aaa06fdbd0ea92ecfee (patch)
tree	105d18ce7eda6427c161d833980d718759cf1cb2 /draft-schanzen-gns.xml
parent	91d8559eb5b5202fa7ba0e755511ac66c0710261 (diff)
download	lsd0001-495b02b508e08477eb8e2aaa06fdbd0ea92ecfee.tar.gz lsd0001-495b02b508e08477eb8e2aaa06fdbd0ea92ecfee.zip