-rw-r--r-- | draft-schanzen-gns.html | 78 | ||||
-rw-r--r-- | draft-schanzen-gns.txt | 88 | ||||
-rw-r--r-- | draft-schanzen-gns.xml | 79 |
3 files changed, 215 insertions, 30 deletions
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html index 81923c6..1ed4743 100644 --- a/draft-schanzen-gns.html +++ b/draft-schanzen-gns.html | |||
@@ -2462,7 +2462,7 @@ table { | |||
2462 | 128 / 8) | 2462 | 128 / 8) |
2463 | ALTERNATIVE: | 2463 | ALTERNATIVE: |
2464 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) | 2464 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) |
2465 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | 2465 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); |
2466 | 2466 | ||
2467 | </pre> | 2467 | </pre> |
2468 | </div> | 2468 | </div> |
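Review bot: the two IV derivations in this hunk now produce different lengths. Only the ALTERNATIVE at line 2465 was changed to `256 / 8`; the primary HKDF-Expand call at line 2462 still ends with `128 / 8)`. The encryption step shown as context in the xml hunk below slices `IV[0:15]`, which is consistent with a 32-byte IV of which the AES step consumes the first half, so the primary derivation needs the same `256 / 8` (or the text should name one derivation as normative and drop the other). As written, a verifier that follows the 16-byte derivation computes a different EREV from one that follows the 32-byte one and will reject every valid proof. The same line appears unchanged in the txt and xml hunks below.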
@@ -2486,16 +2486,82 @@ table { | |||
2486 | </div> | 2486 | </div> |
2487 | <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> | 2487 | <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> |
2488 | <p id="section-7-15"> | 2488 | <p id="section-7-15"> |
2489 | The above EREV data object is again derived using the scrypt algorithm. | 2489 | The above EREV data object is again derived using the scrypt algorithm. |
2490 | The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p> | 2490 | The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p> |
2491 | <figure id="figure-19"> | 2491 | <figure id="figure-19"> |
2492 | <div class="artwork art-text alignLeft" id="section-7-16.1"> | 2492 | <div class="artwork art-text alignLeft" id="section-7-16.1"> |
2493 | <pre> | 2493 | <pre> |
2494 | scrypt(P := EREV) < 2^(39)-1 | 2494 | POW := scrypt(P := EREV) < 2^(39)-1 |
2495 | 2495 | ||
2496 | </pre> | 2496 | </pre> |
2497 | </div> | 2497 | </div> |
2498 | <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> | 2498 | <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> |
2499 | <p id="section-7-17"> | ||
2500 | In order to prove ownership over the revoked zone, the owner calculates | ||
2501 | a signature over the following data:<a href="#section-7-17" class="pilcrow">¶</a></p> | ||
2502 | <div id="figure_revocationdata"> | ||
2503 | <figure id="figure-20"> | ||
2504 | <div class="artwork art-text alignLeft" id="section-7-18.1"> | ||
2505 | <pre> | ||
2506 | 0 8 16 24 32 40 48 56 | ||
2507 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
2508 | | SIGNATURE | | ||
2509 | | | | ||
2510 | | | | ||
2511 | | | | ||
2512 | | | | ||
2513 | | | | ||
2514 | | | | ||
2515 | | | | ||
2516 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
2517 | | SIZE | PURPOSE | | ||
2518 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
2519 | | PUBLIC KEY | | ||
2520 | | | | ||
2521 | | | | ||
2522 | | | | ||
2523 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
2524 | | POW | | ||
2525 | +-----------------------------------------------+ | ||
2526 | </pre> | ||
2527 | </div> | ||
2528 | <figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure> | ||
2529 | </div> | ||
2530 | <p id="section-7-19">where:<a href="#section-7-19" class="pilcrow">¶</a></p> | ||
2531 | <dl class="dlParallel" id="section-7-20"> | ||
2532 | <dt id="section-7-20.1">SIGNATURE</dt> | ||
2533 | <dd id="section-7-20.2"> | ||
2534 | A 512-bit ECDSA deterministic signature compliant with | ||
2535 | <span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The signature is computed over the data | ||
2536 | following the SIZE, PURPOSE and PUBLIC KEY fields. | ||
2537 | The signature is created using the private zone key "d" (see | ||
2538 | <a href="#zones" class="xref">Section 2</a>).<a href="#section-7-20.2" class="pilcrow">¶</a> | ||
2539 | </dd> | ||
2540 | <dt id="section-7-20.3">SIZE</dt> | ||
2541 | <dd id="section-7-20.4"> | ||
2542 | A 32-bit value containing the length of the signed data in network | ||
2543 | byte order.<a href="#section-7-20.4" class="pilcrow">¶</a> | ||
2544 | </dd> | ||
2545 | <dt id="section-7-20.5">PURPOSE</dt> | ||
2546 | <dd id="section-7-20.6"> | ||
2547 | A 32-bit signature purpose flag. This field MUST be 3 (in network | ||
2548 | byte order).<a href="#section-7-20.6" class="pilcrow">¶</a> | ||
2549 | </dd> | ||
2550 | <dt id="section-7-20.7">PUBLIC KEY</dt> | ||
2551 | <dd id="section-7-20.8"> | ||
2552 | is the 256-bit public key "zk" of the zone which is being revoked and | ||
2553 | the key to be used to verify SIGNATURE. The | ||
2554 | wire format of this value is defined in <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>, | ||
2555 | Section 5.1.5.<a href="#section-7-20.8" class="pilcrow">¶</a> | ||
2556 | </dd> | ||
2557 | <dt id="section-7-20.9">POW</dt> | ||
2558 | <dd id="section-7-20.10"> | ||
2559 | The value of the proof of work.<a href="#section-7-20.10" class="pilcrow">¶</a> | ||
2560 | </dd> | ||
2561 | </dl> | ||
2562 | <p id="section-7-21"> | ||
2563 | The resulting block may now be published and disseminated. The concrete | ||
2564 | dissemination and publication methods are out of scope of this document.<a href="#section-7-21" class="pilcrow">¶</a></p> | ||
2499 | </section> | 2565 | </section> |
2500 | </div> | 2566 | </div> |
2501 | <div id="governance"> | 2567 | <div id="governance"> |
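Review bot: the signature in the new Figure 20 does not cover the PURPOSE field, so the purpose flag cannot do its job. The SIGNATURE entry at lines 2535-2536 says the signature is computed over the data following the SIZE, PURPOSE and PUBLIC KEY fields, i.e. over POW alone; a purpose value only prevents a zone-key signature made for some other purpose from being replayed as a revocation if it is inside the signed bytes, and the same holds for SIZE. Suggest `The signature is computed over the SIZE, PURPOSE, PUBLIC KEY and POW fields` and state that SIZE counts exactly those bytes. Separately, line 2494 now reads `POW := scrypt(P := EREV) < 2^(39)-1`, which assigns the truth value of the comparison to POW; keep `scrypt(P := EREV) < 2^(39)-1` as the acceptance test and define POW in its own line as the value a verifier needs in order to recompute that test.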
@@ -2618,7 +2684,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow" | |||
2618 | Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>. | 2684 | Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>. |
2619 | IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p> | 2685 | IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p> |
2620 | <div id="figure_rrtypenums"> | 2686 | <div id="figure_rrtypenums"> |
2621 | <figure id="figure-20"> | 2687 | <figure id="figure-21"> |
2622 | <div class="artwork art-text alignLeft" id="section-10-4.1"> | 2688 | <div class="artwork art-text alignLeft" id="section-10-4.1"> |
2623 | <pre> | 2689 | <pre> |
2624 | Number | Type | Contact | References | 2690 | Number | Type | Contact | References |
@@ -2632,7 +2698,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow" | |||
2632 | FIXME We have a lot more? | 2698 | FIXME We have a lot more? |
2633 | </pre> | 2699 | </pre> |
2634 | </div> | 2700 | </div> |
2635 | <figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure> | 2701 | <figcaption><a href="#figure-21" class="selfRef">Figure 21</a></figcaption></figure> |
2636 | </div> | 2702 | </div> |
2637 | </section> | 2703 | </section> |
2638 | </div> | 2704 | </div> |
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index 6d41ad3..da7a12f 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt | |||
@@ -85,12 +85,12 @@ Table of Contents | |||
85 | 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 85 | 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18 |
86 | 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19 | 86 | 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19 |
87 | 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 | 87 | 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 |
88 | 8. Determining the Root Zone and Zone Governance . . . . . . . . 22 | 88 | 8. Determining the Root Zone and Zone Governance . . . . . . . . 23 |
89 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | 89 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 24 |
90 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 | 90 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 |
91 | 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 24 | 91 | 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 25 |
92 | 12. Normative References . . . . . . . . . . . . . . . . . . . . 26 | 92 | 12. Normative References . . . . . . . . . . . . . . . . . . . . 27 |
93 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 | 93 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 |
94 | 94 | ||
95 | 1. Introduction | 95 | 1. Introduction |
96 | 96 | ||
@@ -1142,7 +1142,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1142 | 128 / 8) | 1142 | 128 / 8) |
1143 | ALTERNATIVE: | 1143 | ALTERNATIVE: |
1144 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) | 1144 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) |
1145 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | 1145 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); |
1146 | 1146 | ||
1147 | 1147 | ||
1148 | Figure 17 | 1148 | Figure 17 |
@@ -1165,7 +1165,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1165 | algorithm. The proof of work is complete, if the following | 1165 | algorithm. The proof of work is complete, if the following |
1166 | inequality holds: | 1166 | inequality holds: |
1167 | 1167 | ||
1168 | scrypt(P := EREV) < 2^(39)-1 | 1168 | POW := scrypt(P := EREV) < 2^(39)-1 |
1169 | 1169 | ||
1170 | 1170 | ||
1171 | Figure 19 | 1171 | Figure 19 |
@@ -1178,6 +1178,62 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 21] | |||
1178 | Internet-Draft The GNU Name System November 2019 | 1178 | Internet-Draft The GNU Name System November 2019 |
1179 | 1179 | ||
1180 | 1180 | ||
1181 | In order to prove ownership over the revoked zone, the owner | ||
1182 | calculates a signature over the following data: | ||
1183 | |||
1184 | 0 8 16 24 32 40 48 56 | ||
1185 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1186 | | SIGNATURE | | ||
1187 | | | | ||
1188 | | | | ||
1189 | | | | ||
1190 | | | | ||
1191 | | | | ||
1192 | | | | ||
1193 | | | | ||
1194 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1195 | | SIZE | PURPOSE | | ||
1196 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1197 | | PUBLIC KEY | | ||
1198 | | | | ||
1199 | | | | ||
1200 | | | | ||
1201 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1202 | | POW | | ||
1203 | +-----------------------------------------------+ | ||
1204 | |||
1205 | Figure 20 | ||
1206 | |||
1207 | where: | ||
1208 | |||
1209 | SIGNATURE A 512-bit ECDSA deterministic signature compliant with | ||
1210 | [RFC6979]. The signature is computed over the data following the | ||
1211 | SIZE, PURPOSE and PUBLIC KEY fields. The signature is created | ||
1212 | using the private zone key "d" (see Section 2). | ||
1213 | |||
1214 | SIZE A 32-bit value containing the length of the signed data in | ||
1215 | network byte order. | ||
1216 | |||
1217 | PURPOSE A 32-bit signature purpose flag. This field MUST be 3 (in | ||
1218 | network byte order). | ||
1219 | |||
1220 | PUBLIC KEY is the 256-bit public key "zk" of the zone which is being | ||
1221 | revoked and the key to be used to verify SIGNATURE. The wire | ||
1222 | format of this value is defined in [RFC8032], Section 5.1.5. | ||
1223 | |||
1224 | POW The value of the proof of work. | ||
1225 | |||
1226 | The resulting block may now be published and disseminated. The | ||
1227 | concrete dissemination and publication methods are out of scope of | ||
1228 | this document. | ||
1229 | |||
1230 | |||
1231 | |||
1232 | Schanzenbach, et al. Expires 13 May 2020 [Page 22] | ||
1233 | |||
1234 | Internet-Draft The GNU Name System November 2019 | ||
1235 | |||
1236 | |||
1181 | 8. Determining the Root Zone and Zone Governance | 1237 | 8. Determining the Root Zone and Zone Governance |
1182 | 1238 | ||
1183 | The resolution of a GNS name must start in a given start zone | 1239 | The resolution of a GNS name must start in a given start zone |
@@ -1229,7 +1285,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1229 | 1285 | ||
1230 | 1286 | ||
1231 | 1287 | ||
1232 | Schanzenbach, et al. Expires 13 May 2020 [Page 22] | 1288 | Schanzenbach, et al. Expires 13 May 2020 [Page 23] |
1233 | 1289 | ||
1234 | Internet-Draft The GNU Name System November 2019 | 1290 | Internet-Draft The GNU Name System November 2019 |
1235 | 1291 | ||
@@ -1285,7 +1341,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1285 | 1341 | ||
1286 | 1342 | ||
1287 | 1343 | ||
1288 | Schanzenbach, et al. Expires 13 May 2020 [Page 23] | 1344 | Schanzenbach, et al. Expires 13 May 2020 [Page 24] |
1289 | 1345 | ||
1290 | Internet-Draft The GNU Name System November 2019 | 1346 | Internet-Draft The GNU Name System November 2019 |
1291 | 1347 | ||
@@ -1300,7 +1356,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1300 | 65541 | BOX | N/A | [This.I-D] | 1356 | 65541 | BOX | N/A | [This.I-D] |
1301 | FIXME We have a lot more? | 1357 | FIXME We have a lot more? |
1302 | 1358 | ||
1303 | Figure 20 | 1359 | Figure 21 |
1304 | 1360 | ||
1305 | 11. Test Vectors | 1361 | 11. Test Vectors |
1306 | 1362 | ||
@@ -1341,7 +1397,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1341 | 1397 | ||
1342 | 1398 | ||
1343 | 1399 | ||
1344 | Schanzenbach, et al. Expires 13 May 2020 [Page 24] | 1400 | Schanzenbach, et al. Expires 13 May 2020 [Page 25] |
1345 | 1401 | ||
1346 | Internet-Draft The GNU Name System November 2019 | 1402 | Internet-Draft The GNU Name System November 2019 |
1347 | 1403 | ||
@@ -1397,7 +1453,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1397 | 1453 | ||
1398 | 1454 | ||
1399 | 1455 | ||
1400 | Schanzenbach, et al. Expires 13 May 2020 [Page 25] | 1456 | Schanzenbach, et al. Expires 13 May 2020 [Page 26] |
1401 | 1457 | ||
1402 | Internet-Draft The GNU Name System November 2019 | 1458 | Internet-Draft The GNU Name System November 2019 |
1403 | 1459 | ||
@@ -1453,7 +1509,7 @@ Internet-Draft The GNU Name System November 2019 | |||
1453 | 1509 | ||
1454 | 1510 | ||
1455 | 1511 | ||
1456 | Schanzenbach, et al. Expires 13 May 2020 [Page 26] | 1512 | Schanzenbach, et al. Expires 13 May 2020 [Page 27] |
1457 | 1513 | ||
1458 | Internet-Draft The GNU Name System November 2019 | 1514 | Internet-Draft The GNU Name System November 2019 |
1459 | 1515 | ||
@@ -1509,7 +1565,7 @@ Authors' Addresses | |||
1509 | 1565 | ||
1510 | 1566 | ||
1511 | 1567 | ||
1512 | Schanzenbach, et al. Expires 13 May 2020 [Page 27] | 1568 | Schanzenbach, et al. Expires 13 May 2020 [Page 28] |
1513 | 1569 | ||
1514 | Internet-Draft The GNU Name System November 2019 | 1570 | Internet-Draft The GNU Name System November 2019 |
1515 | 1571 | ||
@@ -1565,4 +1621,4 @@ Internet-Draft The GNU Name System November 2019 | |||
1565 | 1621 | ||
1566 | 1622 | ||
1567 | 1623 | ||
1568 | Schanzenbach, et al. Expires 13 May 2020 [Page 28] | 1624 | Schanzenbach, et al. Expires 13 May 2020 [Page 29] |
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9bf1201..49ed467 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1205,7 +1205,7 @@ | |||
1205 | 128 / 8) | 1205 | 128 / 8) |
1206 | ALTERNATIVE: | 1206 | ALTERNATIVE: |
1207 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) | 1207 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) |
1208 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | 1208 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); |
1209 | 1209 | ||
1210 | ]]></artwork> | 1210 | ]]></artwork> |
1211 | </figure> | 1211 | </figure> |
@@ -1226,18 +1226,81 @@ | |||
1226 | AES(K[32:63], IV[0:15], REV)) | 1226 | AES(K[32:63], IV[0:15], REV)) |
1227 | 1227 | ||
1228 | ]]></artwork> | 1228 | ]]></artwork> |
1229 | </figure> | 1229 | </figure> |
1230 | <t> | 1230 | <t> |
1231 | The above EREV data object is again derived using the scrypt algorithm. | 1231 | The above EREV data object is again derived using the scrypt algorithm. |
1232 | The proof of work is complete, if the following inequality holds: | 1232 | The proof of work is complete, if the following inequality holds: |
1233 | </t> | 1233 | </t> |
1234 | |||
1235 | <figure> | 1234 | <figure> |
1236 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1235 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1237 | scrypt(P := EREV) < 2^(39)-1 | 1236 | POW := scrypt(P := EREV) < 2^(39)-1 |
1238 | ]]> | 1237 | ]]> |
1239 | </artwork> | 1238 | </artwork> |
1240 | </figure> | 1239 | </figure> |
1240 | <t> | ||
1241 | In order to prove ownership over the revoked zone, the owner calculates | ||
1242 | a signature over the following data: | ||
1243 | </t> | ||
1244 | <figure anchor="figure_revocationdata"> | ||
1245 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1246 | 0 8 16 24 32 40 48 56 | ||
1247 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1248 | | SIGNATURE | | ||
1249 | | | | ||
1250 | | | | ||
1251 | | | | ||
1252 | | | | ||
1253 | | | | ||
1254 | | | | ||
1255 | | | | ||
1256 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1257 | | SIZE | PURPOSE | | ||
1258 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1259 | | PUBLIC KEY | | ||
1260 | | | | ||
1261 | | | | ||
1262 | | | | ||
1263 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
1264 | | POW | | ||
1265 | +-----------------------------------------------+ | ||
1266 | ]]></artwork> | ||
1267 | </figure> | ||
1268 | <t>where:</t> | ||
1269 | <dl> | ||
1270 | <dt>SIGNATURE</dt> | ||
1271 | <dd> | ||
1272 | A 512-bit ECDSA deterministic signature compliant with | ||
1273 | <xref target="RFC6979" />. The signature is computed over the data | ||
1274 | following the SIZE, PURPOSE and PUBLIC KEY fields. | ||
1275 | The signature is created using the private zone key "d" (see | ||
1276 | <xref target="zones" />). | ||
1277 | </dd> | ||
1278 | <dt>SIZE</dt> | ||
1279 | <dd> | ||
1280 | A 32-bit value containing the length of the signed data in network | ||
1281 | byte order. | ||
1282 | </dd> | ||
1283 | <dt>PURPOSE</dt> | ||
1284 | <dd> | ||
1285 | A 32-bit signature purpose flag. This field MUST be 3 (in network | ||
1286 | byte order). | ||
1287 | </dd> | ||
1288 | <dt>PUBLIC KEY</dt> | ||
1289 | <dd> | ||
1290 | is the 256-bit public key "zk" of the zone which is being revoked and | ||
1291 | the key to be used to verify SIGNATURE. The | ||
1292 | wire format of this value is defined in <xref target="RFC8032" />, | ||
1293 | Section 5.1.5. | ||
1294 | </dd> | ||
1295 | <dt>POW</dt> | ||
1296 | <dd> | ||
1297 | The value of the proof of work. | ||
1298 | </dd> | ||
1299 | </dl> | ||
1300 | <t> | ||
1301 | The resulting block may now be published and disseminated. The concrete | ||
1302 | dissemination and publication methods are out of scope of this document. | ||
1303 | </t> | ||
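Review bot: the signature algorithm and the key encoding cited in the new `<dl>` do not match. SIGNATURE (line 1272) is a 512-bit deterministic ECDSA signature per RFC 6979, but PUBLIC KEY (lines 1290-1293) refers to RFC 8032 Section 5.1.5 for its wire format, which is the Ed25519 (EdDSA) public-key encoding; an implementer cannot tell whether to verify with ECDSA or EdDSA, and an ECDSA verifier cannot consume a compressed Ed25519 point without a stated conversion. Name the one scheme and curve actually used in both entries, and cite RFC 8032 only if the signature really is EdDSA. Also, the POW row of the figure (line 1264) is 64 bits wide while the text defines POW as a scrypt result compared against 2^(39)-1; say whether the field carries the scrypt output (then widen it) or the input that produced it. The html and txt hunks above carry the same text and need the same change.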
1241 | </section> | 1304 | </section> |
1242 | <section anchor="governance" numbered="true" toc="default"> | 1305 | <section anchor="governance" numbered="true" toc="default"> |
1243 | <name>Determining the Root Zone and Zone Governance</name> | 1306 | <name>Determining the Root Zone and Zone Governance</name> |