3 files changed, 215 insertions, 30 deletions
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
index 81923c6..1ed4743 100644
--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -2462,7 +2462,7 @@ table {
                                  128 / 8)
           ALTERNATIVE:
           PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
-           IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
+           IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
         </pre>
 </div>
@@ -2486,16 +2486,82 @@ table {
 </div>
 <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure>
 <p id="section-7-15">
-       The above EREV data object is again derived using the scrypt algorithm.
+         The above EREV data object is again derived using the scrypt algorithm.
-       The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p>
+         The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p>
 <figure id="figure-19">
        <div class="artwork art-text alignLeft" id="section-7-16.1">
 <pre>
-         scrypt(P := EREV) &lt; 2^(39)-1
+         POW := scrypt(P := EREV) &lt; 2^(39)-1
         
         </pre>
 </div>
 <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure>
+<p id="section-7-17">
+         In order to prove ownership over the revoked zone, the owner calculates
+         a signature over the following data:<a href="#section-7-17" class="pilcrow">¶</a></p>
+<div id="figure_revocationdata">
+<figure id="figure-20">
+        <div class="artwork art-text alignLeft" id="section-7-18.1">
+<pre>
+           0     8     16    24    32    40    48    56
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                   SIGNATURE                   |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |         SIZE          |       PURPOSE         |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                  PUBLIC KEY                   |
+           |                                               |
+           |                                               |
+           |                                               |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                      POW                      |
+           +-----------------------------------------------+
+           </pre>
+</div>
+<figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure>
+</div>
+<p id="section-7-19">where:<a href="#section-7-19" class="pilcrow">¶</a></p>
+<dl class="dlParallel" id="section-7-20">
+        <dt id="section-7-20.1">SIGNATURE</dt>
+<dd id="section-7-20.2">
+           A 512-bit ECDSA deterministic signature compliant with
+           <span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The signature is computed over the data
+           following the SIZE, PURPOSE and PUBLIC KEY fields.
+           The signature is created using the private zone key "d" (see
+           <a href="#zones" class="xref">Section 2</a>).<a href="#section-7-20.2" class="pilcrow">¶</a>
+</dd>
+<dt id="section-7-20.3">SIZE</dt>
+<dd id="section-7-20.4">
+           A 32-bit value containing the length of the signed data in network
+           byte order.<a href="#section-7-20.4" class="pilcrow">¶</a>
+</dd>
+<dt id="section-7-20.5">PURPOSE</dt>
+<dd id="section-7-20.6">
+           A 32-bit signature purpose flag. This field MUST be 3 (in network
+           byte order).<a href="#section-7-20.6" class="pilcrow">¶</a>
+</dd>
+<dt id="section-7-20.7">PUBLIC KEY</dt>
+<dd id="section-7-20.8">
+           is the 256-bit public key "zk" of the zone which is being revoked and
+           the key to be used to verify SIGNATURE. The
+           wire format of this value is defined in <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>,
+           Section 5.1.5.<a href="#section-7-20.8" class="pilcrow">¶</a>
+</dd>
+<dt id="section-7-20.9">POW</dt>
+<dd id="section-7-20.10">
+           The value of the proof of work.<a href="#section-7-20.10" class="pilcrow">¶</a>
+</dd>
+</dl>
+<p id="section-7-21">
+         The resulting block may now be published and disseminated. The concrete
+         dissemination and publication methods are out of scope of this document.<a href="#section-7-21" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="governance">
@@ -2618,7 +2684,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow"
         Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>.
         IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p>
 <div id="figure_rrtypenums">
-<figure id="figure-20">
+<figure id="figure-21">
        <div class="artwork art-text alignLeft" id="section-10-4.1">
 <pre>
           Number   | Type            | Contact | References
@@ -2632,7 +2698,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow"
           FIXME We have a lot more?
           </pre>
 </div>
-<figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure>
+<figcaption><a href="#figure-21" class="selfRef">Figure 21</a></figcaption></figure>
 </div>
 </section>
 </div>
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index 6d41ad3..da7a12f 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -85,12 +85,12 @@ Table of Contents
       6.2.5.  VPN . . . . . . . . . . . . . . . . . . . . . . . . .  18
       6.2.6.  NICK  . . . . . . . . . . . . . . . . . . . . . . . .  19
   7.  Zone Revocation . . . . . . . . . . . . . . . . . . . . . . .  19
-   8.  Determining the Root Zone and Zone Governance . . . . . . . .  22
+   8.  Determining the Root Zone and Zone Governance . . . . . . . .  23
-   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  23
+   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  24
-   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  23
+   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  24
-   11. Test Vectors  . . . . . . . . . . . . . . . . . . . . . . . .  24
+   11. Test Vectors  . . . . . . . . . . . . . . . . . . . . . . . .  25
-   12. Normative References  . . . . . . . . . . . . . . . . . . . .  26
+   12. Normative References  . . . . . . . . . . . . . . . . . . . .  27
-   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  27
+   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  28
 1.  Introduction
@@ -1142,7 +1142,7 @@ Internet-Draft             The GNU Name System             November 2019
                                     128 / 8)
              ALTERNATIVE:
              PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
-              IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
+              IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
                                 Figure 17
@@ -1165,7 +1165,7 @@ Internet-Draft             The GNU Name System             November 2019
   algorithm.  The proof of work is complete, if the following
   inequality holds:
-            scrypt(P := EREV) < 2^(39)-1
+            POW := scrypt(P := EREV) < 2^(39)-1
                                 Figure 19
@@ -1178,6 +1178,62 @@ Schanzenbach, et al.       Expires 13 May 2020                 [Page 21]
 Internet-Draft             The GNU Name System             November 2019
+   In order to prove ownership over the revoked zone, the owner
+   calculates a signature over the following data:
+              0     8     16    24    32    40    48    56
+              +-----+-----+-----+-----+-----+-----+-----+-----+
+              |                   SIGNATURE                   |
+              |                                               |
+              |                                               |
+              |                                               |
+              |                                               |
+              |                                               |
+              |                                               |
+              |                                               |
+              +-----+-----+-----+-----+-----+-----+-----+-----+
+              |         SIZE          |       PURPOSE         |
+              +-----+-----+-----+-----+-----+-----+-----+-----+
+              |                  PUBLIC KEY                   |
+              |                                               |
+              |                                               |
+              |                                               |
+              +-----+-----+-----+-----+-----+-----+-----+-----+
+              |                      POW                      |
+              +-----------------------------------------------+
+                                 Figure 20
+   where:
+   SIGNATURE  A 512-bit ECDSA deterministic signature compliant with
+      [RFC6979].  The signature is computed over the data following the
+      SIZE, PURPOSE and PUBLIC KEY fields.  The signature is created
+      using the private zone key "d" (see Section 2).
+   SIZE  A 32-bit value containing the length of the signed data in
+      network byte order.
+   PURPOSE  A 32-bit signature purpose flag.  This field MUST be 3 (in
+      network byte order).
+   PUBLIC KEY  is the 256-bit public key "zk" of the zone which is being
+      revoked and the key to be used to verify SIGNATURE.  The wire
+      format of this value is defined in [RFC8032], Section 5.1.5.
+   POW  The value of the proof of work.
+   The resulting block may now be published and disseminated.  The
+   concrete dissemination and publication methods are out of scope of
+   this document.
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 22]
+Internet-Draft             The GNU Name System             November 2019
 8.  Determining the Root Zone and Zone Governance
   The resolution of a GNS name must start in a given start zone
@@ -1229,7 +1285,7 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 22]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 23]
 Internet-Draft             The GNU Name System             November 2019
@@ -1285,7 +1341,7 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 23]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 24]
 Internet-Draft             The GNU Name System             November 2019
@@ -1300,7 +1356,7 @@ Internet-Draft             The GNU Name System             November 2019
              65541    | BOX             | N/A     | [This.I-D]
              FIXME We have a lot more?
-                                 Figure 20
+                                 Figure 21
 11.  Test Vectors
@@ -1341,7 +1397,7 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 24]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 25]
 Internet-Draft             The GNU Name System             November 2019
@@ -1397,7 +1453,7 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 25]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 26]
 Internet-Draft             The GNU Name System             November 2019
@@ -1453,7 +1509,7 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 26]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 27]
 Internet-Draft             The GNU Name System             November 2019
@@ -1509,7 +1565,7 @@ Authors' Addresses
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 27]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 28]
 Internet-Draft             The GNU Name System             November 2019
@@ -1565,4 +1621,4 @@ Internet-Draft             The GNU Name System             November 2019
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 28]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 29]
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 9bf1201..49ed467 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1205,7 +1205,7 @@
                                  128 / 8)
           ALTERNATIVE:
           PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
-           IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
+           IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
         ]]></artwork>
       </figure>
@@ -1226,18 +1226,81 @@
                           AES(K[32:63], IV[0:15], REV))
         ]]></artwork>
-     </figure>
+       </figure>
-     <t>
+       <t>
-       The above EREV data object is again derived using the scrypt algorithm.
+         The above EREV data object is again derived using the scrypt algorithm.
-       The proof of work is complete, if the following inequality holds:
+         The proof of work is complete, if the following inequality holds:
-     </t>
+       </t>
       <figure>
         <artwork name="" type="" align="left" alt=""><![CDATA[
-         scrypt(P := EREV) < 2^(39)-1
+         POW := scrypt(P := EREV) < 2^(39)-1
         ]]>
         </artwork>
       </figure>
+       <t>
+         In order to prove ownership over the revoked zone, the owner calculates
+         a signature over the following data:
+       </t>
+       <figure anchor="figure_revocationdata">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
+           0     8     16    24    32    40    48    56
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                   SIGNATURE                   |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           |                                               |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |         SIZE          |       PURPOSE         |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                  PUBLIC KEY                   |
+           |                                               |
+           |                                               |
+           |                                               |
+           +-----+-----+-----+-----+-----+-----+-----+-----+
+           |                      POW                      |
+           +-----------------------------------------------+
+           ]]></artwork>
+       </figure>
+       <t>where:</t>
+       <dl>
+         <dt>SIGNATURE</dt>
+         <dd>
+           A 512-bit ECDSA deterministic signature compliant with
+           <xref target="RFC6979" />. The signature is computed over the data
+           following the SIZE, PURPOSE and PUBLIC KEY fields.
+           The signature is created using the private zone key "d" (see
+           <xref target="zones" />).
+         </dd>
+         <dt>SIZE</dt>
+         <dd>
+           A 32-bit value containing the length of the signed data in network
+           byte order.
+         </dd>
+         <dt>PURPOSE</dt>
+         <dd>
+           A 32-bit signature purpose flag. This field MUST be 3 (in network
+           byte order).
+         </dd>
+         <dt>PUBLIC KEY</dt>
+         <dd>
+           is the 256-bit public key "zk" of the zone which is being revoked and
+           the key to be used to verify SIGNATURE. The
+           wire format of this value is defined in <xref target="RFC8032" />,
+           Section 5.1.5.
+         </dd>
+         <dt>POW</dt>
+         <dd>
+           The value of the proof of work.
+         </dd>
+       </dl>
+       <t>
+         The resulting block may now be published and disseminated. The concrete
+         dissemination and publication methods are out of scope of this document.
+       </t>
     </section>
     <section anchor="governance" numbered="true" toc="default">
       <name>Determining the Root Zone and Zone Governance</name>

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html index 81923c6..1ed4743 100644 --- a/draft-schanzen-gns.html +++ b/draft-schanzen-gns.html
@@ -2462,7 +2462,7 @@ table {
2462	128 / 8)	2462	128 / 8)
2463	ALTERNATIVE:	2463	ALTERNATIVE:
2464	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)	2464	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
2465	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);	2465	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
2466		2466
2467	</pre>	2467	</pre>
2468	</div>	2468	</div>
@@ -2486,16 +2486,82 @@ table {
2486	</div>	2486	</div>
2487	<figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure>	2487	<figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure>
2488	<p id="section-7-15">	2488	<p id="section-7-15">
2489	The above EREV data object is again derived using the scrypt algorithm.	2489	The above EREV data object is again derived using the scrypt algorithm.
2490	The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p>	2490	The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p>
2491	<figure id="figure-19">	2491	<figure id="figure-19">
2492	<div class="artwork art-text alignLeft" id="section-7-16.1">	2492	<div class="artwork art-text alignLeft" id="section-7-16.1">
2493	<pre>	2493	<pre>
2494	scrypt(P := EREV) < 2^(39)-1	2494	POW := scrypt(P := EREV) < 2^(39)-1
2495		2495
2496	</pre>	2496	</pre>
2497	</div>	2497	</div>
2498	<figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure>	2498	<figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure>
		2499	<p id="section-7-17">
		2500	In order to prove ownership over the revoked zone, the owner calculates
		2501	a signature over the following data:<a href="#section-7-17" class="pilcrow">¶</a></p>
		2502	<div id="figure_revocationdata">
		2503	<figure id="figure-20">
		2504	<div class="artwork art-text alignLeft" id="section-7-18.1">
		2505	<pre>
		2506	0 8 16 24 32 40 48 56
		2507	+-----+-----+-----+-----+-----+-----+-----+-----+
		2508	\| SIGNATURE \|
		2509	\| \|
		2510	\| \|
		2511	\| \|
		2512	\| \|
		2513	\| \|
		2514	\| \|
		2515	\| \|
		2516	+-----+-----+-----+-----+-----+-----+-----+-----+
		2517	\| SIZE \| PURPOSE \|
		2518	+-----+-----+-----+-----+-----+-----+-----+-----+
		2519	\| PUBLIC KEY \|
		2520	\| \|
		2521	\| \|
		2522	\| \|
		2523	+-----+-----+-----+-----+-----+-----+-----+-----+
		2524	\| POW \|
		2525	+-----------------------------------------------+
		2526	</pre>
		2527	</div>
		2528	<figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure>
		2529	</div>
		2530	<p id="section-7-19">where:<a href="#section-7-19" class="pilcrow">¶</a></p>
		2531	<dl class="dlParallel" id="section-7-20">
		2532	<dt id="section-7-20.1">SIGNATURE</dt>
		2533	<dd id="section-7-20.2">
		2534	A 512-bit ECDSA deterministic signature compliant with
		2535	<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The signature is computed over the data
		2536	following the SIZE, PURPOSE and PUBLIC KEY fields.
		2537	The signature is created using the private zone key "d" (see
		2538	<a href="#zones" class="xref">Section 2</a>).<a href="#section-7-20.2" class="pilcrow">¶</a>
		2539	</dd>
		2540	<dt id="section-7-20.3">SIZE</dt>
		2541	<dd id="section-7-20.4">
		2542	A 32-bit value containing the length of the signed data in network
		2543	byte order.<a href="#section-7-20.4" class="pilcrow">¶</a>
		2544	</dd>
		2545	<dt id="section-7-20.5">PURPOSE</dt>
		2546	<dd id="section-7-20.6">
		2547	A 32-bit signature purpose flag. This field MUST be 3 (in network
		2548	byte order).<a href="#section-7-20.6" class="pilcrow">¶</a>
		2549	</dd>
		2550	<dt id="section-7-20.7">PUBLIC KEY</dt>
		2551	<dd id="section-7-20.8">
		2552	is the 256-bit public key "zk" of the zone which is being revoked and
		2553	the key to be used to verify SIGNATURE. The
		2554	wire format of this value is defined in <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>,
		2555	Section 5.1.5.<a href="#section-7-20.8" class="pilcrow">¶</a>
		2556	</dd>
		2557	<dt id="section-7-20.9">POW</dt>
		2558	<dd id="section-7-20.10">
		2559	The value of the proof of work.<a href="#section-7-20.10" class="pilcrow">¶</a>
		2560	</dd>
		2561	</dl>
		2562	<p id="section-7-21">
		2563	The resulting block may now be published and disseminated. The concrete
		2564	dissemination and publication methods are out of scope of this document.<a href="#section-7-21" class="pilcrow">¶</a></p>
2499	</section>	2565	</section>
2500	</div>	2566	</div>
2501	<div id="governance">	2567	<div id="governance">
@@ -2618,7 +2684,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow"
2618	Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>.	2684	Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>.
2619	IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p>	2685	IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p>
2620	<div id="figure_rrtypenums">	2686	<div id="figure_rrtypenums">
2621	<figure id="figure-20">	2687	<figure id="figure-21">
2622	<div class="artwork art-text alignLeft" id="section-10-4.1">	2688	<div class="artwork art-text alignLeft" id="section-10-4.1">
2623	<pre>	2689	<pre>
2624	Number \| Type \| Contact \| References	2690	Number \| Type \| Contact \| References
@@ -2632,7 +2698,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow"
2632	FIXME We have a lot more?	2698	FIXME We have a lot more?
2633	</pre>	2699	</pre>
2634	</div>	2700	</div>
2635	<figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure>	2701	<figcaption><a href="#figure-21" class="selfRef">Figure 21</a></figcaption></figure>
2636	</div>	2702	</div>
2637	</section>	2703	</section>
2638	</div>	2704	</div>


diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index 6d41ad3..da7a12f 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt
@@ -85,12 +85,12 @@ Table of Contents
85	6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18	85	6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18
86	6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19	86	6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19
87	7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19	87	7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19
88	8. Determining the Root Zone and Zone Governance . . . . . . . . 22	88	8. Determining the Root Zone and Zone Governance . . . . . . . . 23
89	9. Security Considerations . . . . . . . . . . . . . . . . . . . 23	89	9. Security Considerations . . . . . . . . . . . . . . . . . . . 24
90	10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23	90	10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
91	11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 24	91	11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 25
92	12. Normative References . . . . . . . . . . . . . . . . . . . . 26	92	12. Normative References . . . . . . . . . . . . . . . . . . . . 27
93	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27	93	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
94		94
95	1. Introduction	95	1. Introduction
96		96
@@ -1142,7 +1142,7 @@ Internet-Draft The GNU Name System November 2019
1142	128 / 8)	1142	128 / 8)
1143	ALTERNATIVE:	1143	ALTERNATIVE:
1144	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)	1144	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
1145	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);	1145	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
1146		1146
1147		1147
1148	Figure 17	1148	Figure 17
@@ -1165,7 +1165,7 @@ Internet-Draft The GNU Name System November 2019
1165	algorithm. The proof of work is complete, if the following	1165	algorithm. The proof of work is complete, if the following
1166	inequality holds:	1166	inequality holds:
1167		1167
1168	scrypt(P := EREV) < 2^(39)-1	1168	POW := scrypt(P := EREV) < 2^(39)-1
1169		1169
1170		1170
1171	Figure 19	1171	Figure 19
@@ -1178,6 +1178,62 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 21]
1178	Internet-Draft The GNU Name System November 2019	1178	Internet-Draft The GNU Name System November 2019
1179		1179
1180		1180
		1181	In order to prove ownership over the revoked zone, the owner
		1182	calculates a signature over the following data:
		1183
		1184	0 8 16 24 32 40 48 56
		1185	+-----+-----+-----+-----+-----+-----+-----+-----+
		1186	\| SIGNATURE \|
		1187	\| \|
		1188	\| \|
		1189	\| \|
		1190	\| \|
		1191	\| \|
		1192	\| \|
		1193	\| \|
		1194	+-----+-----+-----+-----+-----+-----+-----+-----+
		1195	\| SIZE \| PURPOSE \|
		1196	+-----+-----+-----+-----+-----+-----+-----+-----+
		1197	\| PUBLIC KEY \|
		1198	\| \|
		1199	\| \|
		1200	\| \|
		1201	+-----+-----+-----+-----+-----+-----+-----+-----+
		1202	\| POW \|
		1203	+-----------------------------------------------+
		1204
		1205	Figure 20
		1206
		1207	where:
		1208
		1209	SIGNATURE A 512-bit ECDSA deterministic signature compliant with
		1210	[RFC6979]. The signature is computed over the data following the
		1211	SIZE, PURPOSE and PUBLIC KEY fields. The signature is created
		1212	using the private zone key "d" (see Section 2).
		1213
		1214	SIZE A 32-bit value containing the length of the signed data in
		1215	network byte order.
		1216
		1217	PURPOSE A 32-bit signature purpose flag. This field MUST be 3 (in
		1218	network byte order).
		1219
		1220	PUBLIC KEY is the 256-bit public key "zk" of the zone which is being
		1221	revoked and the key to be used to verify SIGNATURE. The wire
		1222	format of this value is defined in [RFC8032], Section 5.1.5.
		1223
		1224	POW The value of the proof of work.
		1225
		1226	The resulting block may now be published and disseminated. The
		1227	concrete dissemination and publication methods are out of scope of
		1228	this document.
		1229
		1230
		1231
		1232	Schanzenbach, et al. Expires 13 May 2020 [Page 22]
		1233
		1234	Internet-Draft The GNU Name System November 2019
		1235
		1236
1181	8. Determining the Root Zone and Zone Governance	1237	8. Determining the Root Zone and Zone Governance
1182		1238
1183	The resolution of a GNS name must start in a given start zone	1239	The resolution of a GNS name must start in a given start zone
@@ -1229,7 +1285,7 @@ Internet-Draft The GNU Name System November 2019
1229		1285
1230		1286
1231		1287
1232	Schanzenbach, et al. Expires 13 May 2020 [Page 22]	1288	Schanzenbach, et al. Expires 13 May 2020 [Page 23]
1233		1289
1234	Internet-Draft The GNU Name System November 2019	1290	Internet-Draft The GNU Name System November 2019
1235		1291
@@ -1285,7 +1341,7 @@ Internet-Draft The GNU Name System November 2019
1285		1341
1286		1342
1287		1343
1288	Schanzenbach, et al. Expires 13 May 2020 [Page 23]	1344	Schanzenbach, et al. Expires 13 May 2020 [Page 24]
1289		1345
1290	Internet-Draft The GNU Name System November 2019	1346	Internet-Draft The GNU Name System November 2019
1291		1347
@@ -1300,7 +1356,7 @@ Internet-Draft The GNU Name System November 2019
1300	65541 \| BOX \| N/A \| [This.I-D]	1356	65541 \| BOX \| N/A \| [This.I-D]
1301	FIXME We have a lot more?	1357	FIXME We have a lot more?
1302		1358
1303	Figure 20	1359	Figure 21
1304		1360
1305	11. Test Vectors	1361	11. Test Vectors
1306		1362
@@ -1341,7 +1397,7 @@ Internet-Draft The GNU Name System November 2019
1341		1397
1342		1398
1343		1399
1344	Schanzenbach, et al. Expires 13 May 2020 [Page 24]	1400	Schanzenbach, et al. Expires 13 May 2020 [Page 25]
1345		1401
1346	Internet-Draft The GNU Name System November 2019	1402	Internet-Draft The GNU Name System November 2019
1347		1403
@@ -1397,7 +1453,7 @@ Internet-Draft The GNU Name System November 2019
1397		1453
1398		1454
1399		1455
1400	Schanzenbach, et al. Expires 13 May 2020 [Page 25]	1456	Schanzenbach, et al. Expires 13 May 2020 [Page 26]
1401		1457
1402	Internet-Draft The GNU Name System November 2019	1458	Internet-Draft The GNU Name System November 2019
1403		1459
@@ -1453,7 +1509,7 @@ Internet-Draft The GNU Name System November 2019
1453		1509
1454		1510
1455		1511
1456	Schanzenbach, et al. Expires 13 May 2020 [Page 26]	1512	Schanzenbach, et al. Expires 13 May 2020 [Page 27]
1457		1513
1458	Internet-Draft The GNU Name System November 2019	1514	Internet-Draft The GNU Name System November 2019
1459		1515
@@ -1509,7 +1565,7 @@ Authors' Addresses
1509		1565
1510		1566
1511		1567
1512	Schanzenbach, et al. Expires 13 May 2020 [Page 27]	1568	Schanzenbach, et al. Expires 13 May 2020 [Page 28]
1513		1569
1514	Internet-Draft The GNU Name System November 2019	1570	Internet-Draft The GNU Name System November 2019
1515		1571
@@ -1565,4 +1621,4 @@ Internet-Draft The GNU Name System November 2019
1565		1621
1566		1622
1567		1623
1568	Schanzenbach, et al. Expires 13 May 2020 [Page 28]	1624	Schanzenbach, et al. Expires 13 May 2020 [Page 29]


diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9bf1201..49ed467 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml
@@ -1205,7 +1205,7 @@
1205	128 / 8)	1205	128 / 8)
1206	ALTERNATIVE:	1206	ALTERNATIVE:
1207	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)	1207	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
1208	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);	1208	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8);
1209		1209
1210	]]></artwork>	1210	]]></artwork>
1211	</figure>	1211	</figure>
@@ -1226,18 +1226,81 @@
1226	AES(K[32:63], IV[0:15], REV))	1226	AES(K[32:63], IV[0:15], REV))
1227		1227
1228	]]></artwork>	1228	]]></artwork>
1229	</figure>	1229	</figure>
1230	<t>	1230	<t>
1231	The above EREV data object is again derived using the scrypt algorithm.	1231	The above EREV data object is again derived using the scrypt algorithm.
1232	The proof of work is complete, if the following inequality holds:	1232	The proof of work is complete, if the following inequality holds:
1233	</t>	1233	</t>
1234
1235	<figure>	1234	<figure>
1236	<artwork name="" type="" align="left" alt=""><![CDATA[	1235	<artwork name="" type="" align="left" alt=""><![CDATA[
1237	scrypt(P := EREV) < 2^(39)-1	1236	POW := scrypt(P := EREV) < 2^(39)-1
1238	]]>	1237	]]>
1239	</artwork>	1238	</artwork>
1240	</figure>	1239	</figure>
		1240	<t>
		1241	In order to prove ownership over the revoked zone, the owner calculates
		1242	a signature over the following data:
		1243	</t>
		1244	<figure anchor="figure_revocationdata">
		1245	<artwork name="" type="" align="left" alt=""><![CDATA[
		1246	0 8 16 24 32 40 48 56
		1247	+-----+-----+-----+-----+-----+-----+-----+-----+
		1248	\| SIGNATURE \|
		1249	\| \|
		1250	\| \|
		1251	\| \|
		1252	\| \|
		1253	\| \|
		1254	\| \|
		1255	\| \|
		1256	+-----+-----+-----+-----+-----+-----+-----+-----+
		1257	\| SIZE \| PURPOSE \|
		1258	+-----+-----+-----+-----+-----+-----+-----+-----+
		1259	\| PUBLIC KEY \|
		1260	\| \|
		1261	\| \|
		1262	\| \|
		1263	+-----+-----+-----+-----+-----+-----+-----+-----+
		1264	\| POW \|
		1265	+-----------------------------------------------+
		1266	]]></artwork>
		1267	</figure>
		1268	<t>where:</t>
		1269	<dl>
		1270	<dt>SIGNATURE</dt>
		1271	<dd>
		1272	A 512-bit ECDSA deterministic signature compliant with
		1273	<xref target="RFC6979" />. The signature is computed over the data
		1274	following the SIZE, PURPOSE and PUBLIC KEY fields.
		1275	The signature is created using the private zone key "d" (see
		1276	<xref target="zones" />).
		1277	</dd>
		1278	<dt>SIZE</dt>
		1279	<dd>
		1280	A 32-bit value containing the length of the signed data in network
		1281	byte order.
		1282	</dd>
		1283	<dt>PURPOSE</dt>
		1284	<dd>
		1285	A 32-bit signature purpose flag. This field MUST be 3 (in network
		1286	byte order).
		1287	</dd>
		1288	<dt>PUBLIC KEY</dt>
		1289	<dd>
		1290	is the 256-bit public key "zk" of the zone which is being revoked and
		1291	the key to be used to verify SIGNATURE. The
		1292	wire format of this value is defined in <xref target="RFC8032" />,
		1293	Section 5.1.5.
		1294	</dd>
		1295	<dt>POW</dt>
		1296	<dd>
		1297	The value of the proof of work.
		1298	</dd>
		1299	</dl>
		1300	<t>
		1301	The resulting block may now be published and disseminated. The concrete
		1302	dissemination and publication methods are out of scope of this document.
		1303	</t>
1241	</section>	1304	</section>
1242	<section anchor="governance" numbered="true" toc="default">	1305	<section anchor="governance" numbered="true" toc="default">
1243	<name>Determining the Root Zone and Zone Governance</name>	1306	<name>Determining the Root Zone and Zone Governance</name>