1 files changed, 129 insertions, 73 deletions
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index 9d62457..6d41ad3 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -85,11 +85,11 @@ Table of Contents
       6.2.5.  VPN . . . . . . . . . . . . . . . . . . . . . . . . .  18
       6.2.6.  NICK  . . . . . . . . . . . . . . . . . . . . . . . .  19
   7.  Zone Revocation . . . . . . . . . . . . . . . . . . . . . . .  19
-   8.  Determining the Root Zone and Zone Governance . . . . . . . .  21
+   8.  Determining the Root Zone and Zone Governance . . . . . . . .  22
-   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  22
+   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  23
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  23
-   11. Test Vectors  . . . . . . . . . . . . . . . . . . . . . . . .  23
+   11. Test Vectors  . . . . . . . . . . . . . . . . . . . . . . . .  24
-   12. Normative References  . . . . . . . . . . . . . . . . . . . .  25
+   12. Normative References  . . . . . . . . . . . . . . . . . . . .  26
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  27
 1.  Introduction
@@ -1073,6 +1073,16 @@ Internet-Draft             The GNU Name System             November 2019
   work.  The revocation message including the proof-of-work MAY be
   calculated ahead of time to support timely revocation.
+   For all occurences below, "scrypt" is the scrypt Password-based Key
+   Derivation Function as defined in [RFC7914] with the following
+   parameters set:
+            S := "gnunet-revocation-proof-of-work" /* Salt */
+            N := 2
+            r := 8 /* Block size */
+            p := 2 /* Parallelization parameter */
+            dkLen := 64 /* Intended output length in octets */
   The following the the basic data "REV" on which the proof-of work is
   calculated:
@@ -1096,12 +1106,30 @@ Internet-Draft             The GNU Name System             November 2019
   3.  Encrypt the REV data using K and IV.
-   4.  Derive the proof of work from the encrypted REV.
+   4.  Derive the proof of work from the encrypted REV and check against
+       the proof condition.
+   The first step in the PoW is a call to scrypt with the REV data as
+   password parameter to derive the initial key material K:
            K := scrypt (P := REV)
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 20]
+Internet-Draft             The GNU Name System             November 2019
                                 Figure 16
+   The second step is to derive an initialization vector using a Hash-
+   based Key Derivation Function as defined in ([RFC5869]).
+   Specifically, HMAC-SHA512 is used for the extraction phase and HMAC-
+   SHA256 for the expansion phase.
+              STATUS QUO:
              PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",
                                       K[0,31])
              PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",
@@ -1112,36 +1140,43 @@ Internet-Draft             The GNU Name System             November 2019
              IV_two := HKDF-Expand (PRK_two,
                                     "gnunet-revocation-proof-of-work,
                                     128 / 8)
+              ALTERNATIVE:
-                                 Figure 17
+              PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
+              IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
+                                 Figure 17
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 20]
+   We divide the resulting keying material "K" into a 256-bit AES
+   [RFC3826] key and a 256-bit TWOFISH [TWOFISH] key and use IV as
-Internet-Draft             The GNU Name System             November 2019
+   corresponding initialization vectors:
+              STATUS QUO:
              EREV := TWOFISH(K[0:31], IV_two,
                              AES(K[32:63], IV_aes, REV))
+              ALTERNATIVE:
+              EREV := TWOFISH(K[0:31], IV[16:31],
+                              AES(K[32:63], IV[0:15], REV))
                                 Figure 18
-   The above EREV data object is calculated with different values for
+   The above EREV data object is again derived using the scrypt
-   the "NONCE" in "REV" until the following inequality holds:
+   algorithm.  The proof of work is complete, if the following
+   inequality holds:
            scrypt(P := EREV) < 2^(39)-1
                                 Figure 19
-   For all occurences above, "scrypt" is the scrypt algorithm as defined
-   in [RFC7914] with the following parameters set:
-            S := "gnunet-revocation-proof-of-work" /* Salt */
-            N := 2
-            r := 8 /* Block size */
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 21]
-            p := 2 /* Parallelization parameter */
-            dkLen := 64 /* Intended output length in octets */
+Internet-Draft             The GNU Name System             November 2019
 8.  Determining the Root Zone and Zone Governance
@@ -1169,15 +1204,6 @@ Internet-Draft             The GNU Name System             November 2019
   GNS clients SHOULD first try to interpret the top-level domain of a
   GNS name as a zone key.  For example. if the top-level domain is a
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 21]
-Internet-Draft             The GNU Name System             November 2019
   Base32-encoded public zone key "zk", the root zone of the resolution
   process is implicitly given by the name:
@@ -1200,6 +1226,14 @@ Internet-Draft             The GNU Name System             November 2019
            => Entry zone: zk1
            => Name to resolve from entry zone: www.example
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 22]
+Internet-Draft             The GNU Name System             November 2019
   Finally, additional "suffix to zone" mappings MAY be configured.
   Suffix to zone key mappings SHOULD be configurable through a local
   configuration file or database by the user or system administrator.
@@ -1223,17 +1257,6 @@ Internet-Draft             The GNU Name System             November 2019
   TODO
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 22]
-Internet-Draft             The GNU Name System             November 2019
 10.  IANA Considerations
   IANA is requested to create an "GNU Name System Record Type"
@@ -1254,6 +1277,19 @@ Internet-Draft             The GNU Name System             November 2019
   Served", as described in [RFC8126].  IANA is requested to populate
   this registry as follows:
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 23]
+Internet-Draft             The GNU Name System             November 2019
              Number   | Type            | Contact | References
              ---------+-----------------+---------+---------
              65536    | PKEY            | N/A     | [This.I-D]
@@ -1282,14 +1318,6 @@ Internet-Draft             The GNU Name System             November 2019
            zk (public zone key) :=
            dff911496d025d7e
            0885c03d19153e99
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 23]
-Internet-Draft             The GNU Name System             November 2019
            4f213f23ea719eca
            17fc32dc410e082e
@@ -1310,6 +1338,14 @@ Internet-Draft             The GNU Name System             November 2019
            0017c802f7d32e18
            q (query key) :=
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 24]
+Internet-Draft             The GNU Name System             November 2019
            6fce4deddc5ad681
            f4e29a3310767e3b
            8b38bc1b276ce2ba
@@ -1339,13 +1375,6 @@ Internet-Draft             The GNU Name System             November 2019
            071be189a9d236f9
            b4a3654bb8c281d4
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 24]
-Internet-Draft             The GNU Name System             November 2019
            RDATA :=
            0000000100059412 RR COUNT | EXPIRA-
            09ddea0f00000014  -TION    | DATA SIZE (20)
@@ -1365,6 +1394,14 @@ Internet-Draft             The GNU Name System             November 2019
            afc99ba9c5a3bb54
            07e731a34680ee33
            ae0de7bfeda7d2b7
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 25]
+Internet-Draft             The GNU Name System             November 2019
            8c6b854a008b1b54
            10df4f39f5ba9f46____________
            8cb514a56c0eaae0 zk_h
@@ -1393,15 +1430,6 @@ Internet-Draft             The GNU Name System             November 2019
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987, <https://www.rfc-editor.org/info/rfc1035>.
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 25]
-Internet-Draft             The GNU Name System             November 2019
   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              DOI 10.17487/RFC2782, February 2000,
@@ -1422,6 +1450,14 @@ Internet-Draft             The GNU Name System             November 2019
              DOI 10.17487/RFC3826, June 2004,
              <https://www.rfc-editor.org/info/rfc3826>.
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 26]
+Internet-Draft             The GNU Name System             November 2019
   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
@@ -1450,14 +1486,6 @@ Internet-Draft             The GNU Name System             November 2019
              for Security", RFC 7748, DOI 10.17487/RFC7748, January
              2016, <https://www.rfc-editor.org/info/rfc7748>.
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 26]
-Internet-Draft             The GNU Name System             November 2019
   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017,
@@ -1477,6 +1505,15 @@ Internet-Draft             The GNU Name System             November 2019
 Authors' Addresses
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 27]
+Internet-Draft             The GNU Name System             November 2019
   Martin Schanzenbach
   GNUnet e.V.
   Boltzmannstrasse 3
@@ -1509,4 +1546,23 @@ Authors' Addresses
-Schanzenbach, et al.       Expires 13 May 2020                 [Page 27]
+Schanzenbach, et al.       Expires 13 May 2020                 [Page 28]

diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index 9d62457..6d41ad3 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt
@@ -85,11 +85,11 @@ Table of Contents
85	6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18	85	6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18
86	6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19	86	6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19
87	7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19	87	7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19
88	8. Determining the Root Zone and Zone Governance . . . . . . . . 21	88	8. Determining the Root Zone and Zone Governance . . . . . . . . 22
89	9. Security Considerations . . . . . . . . . . . . . . . . . . . 22	89	9. Security Considerations . . . . . . . . . . . . . . . . . . . 23
90	10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23	90	10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
91	11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 23	91	11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 24
92	12. Normative References . . . . . . . . . . . . . . . . . . . . 25	92	12. Normative References . . . . . . . . . . . . . . . . . . . . 26
93	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27	93	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27
94		94
95	1. Introduction	95	1. Introduction
@@ -1073,6 +1073,16 @@ Internet-Draft The GNU Name System November 2019
1073	work. The revocation message including the proof-of-work MAY be	1073	work. The revocation message including the proof-of-work MAY be
1074	calculated ahead of time to support timely revocation.	1074	calculated ahead of time to support timely revocation.
1075		1075
		1076	For all occurences below, "scrypt" is the scrypt Password-based Key
		1077	Derivation Function as defined in [RFC7914] with the following
		1078	parameters set:
		1079
		1080	S := "gnunet-revocation-proof-of-work" /* Salt */
		1081	N := 2
		1082	r := 8 /* Block size */
		1083	p := 2 /* Parallelization parameter */
		1084	dkLen := 64 /* Intended output length in octets */
		1085
1076	The following the the basic data "REV" on which the proof-of work is	1086	The following the the basic data "REV" on which the proof-of work is
1077	calculated:	1087	calculated:
1078		1088
@@ -1096,12 +1106,30 @@ Internet-Draft The GNU Name System November 2019
1096		1106
1097	3. Encrypt the REV data using K and IV.	1107	3. Encrypt the REV data using K and IV.
1098		1108
1099	4. Derive the proof of work from the encrypted REV.	1109	4. Derive the proof of work from the encrypted REV and check against
		1110	the proof condition.
		1111
		1112	The first step in the PoW is a call to scrypt with the REV data as
		1113	password parameter to derive the initial key material K:
1100		1114
1101	K := scrypt (P := REV)	1115	K := scrypt (P := REV)
1102		1116
		1117
		1118
		1119
		1120	Schanzenbach, et al. Expires 13 May 2020 [Page 20]
		1121
		1122	Internet-Draft The GNU Name System November 2019
		1123
		1124
1103	Figure 16	1125	Figure 16
1104		1126
		1127	The second step is to derive an initialization vector using a Hash-
		1128	based Key Derivation Function as defined in ([RFC5869]).
		1129	Specifically, HMAC-SHA512 is used for the extraction phase and HMAC-
		1130	SHA256 for the expansion phase.
		1131
		1132	STATUS QUO:
1105	PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",	1133	PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",
1106	K[0,31])	1134	K[0,31])
1107	PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",	1135	PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",
@@ -1112,36 +1140,43 @@ Internet-Draft The GNU Name System November 2019
1112	IV_two := HKDF-Expand (PRK_two,	1140	IV_two := HKDF-Expand (PRK_two,
1113	"gnunet-revocation-proof-of-work,	1141	"gnunet-revocation-proof-of-work,
1114	128 / 8)	1142	128 / 8)
1115		1143	ALTERNATIVE:
1116	Figure 17	1144	PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
		1145	IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
1117		1146
1118		1147
		1148	Figure 17
1119		1149
1120	Schanzenbach, et al. Expires 13 May 2020 [Page 20]	1150	We divide the resulting keying material "K" into a 256-bit AES
1121		1151	[RFC3826] key and a 256-bit TWOFISH [TWOFISH] key and use IV as
1122	Internet-Draft The GNU Name System November 2019	1152	corresponding initialization vectors:
1123
1124		1153
		1154	STATUS QUO:
1125	EREV := TWOFISH(K[0:31], IV_two,	1155	EREV := TWOFISH(K[0:31], IV_two,
1126	AES(K[32:63], IV_aes, REV))	1156	AES(K[32:63], IV_aes, REV))
		1157	ALTERNATIVE:
		1158	EREV := TWOFISH(K[0:31], IV[16:31],
		1159	AES(K[32:63], IV[0:15], REV))
		1160
1127		1161
1128	Figure 18	1162	Figure 18
1129		1163
1130	The above EREV data object is calculated with different values for	1164	The above EREV data object is again derived using the scrypt
1131	the "NONCE" in "REV" until the following inequality holds:	1165	algorithm. The proof of work is complete, if the following
		1166	inequality holds:
1132		1167
1133	scrypt(P := EREV) < 2^(39)-1	1168	scrypt(P := EREV) < 2^(39)-1
1134		1169
		1170
1135	Figure 19	1171	Figure 19
1136		1172
1137	For all occurences above, "scrypt" is the scrypt algorithm as defined
1138	in [RFC7914] with the following parameters set:
1139		1173
1140	S := "gnunet-revocation-proof-of-work" /* Salt */	1174
1141	N := 2	1175
1142	r := 8 /* Block size */	1176	Schanzenbach, et al. Expires 13 May 2020 [Page 21]
1143	p := 2 /* Parallelization parameter */	1177
1144	dkLen := 64 /* Intended output length in octets */	1178	Internet-Draft The GNU Name System November 2019
		1179
1145		1180
1146	8. Determining the Root Zone and Zone Governance	1181	8. Determining the Root Zone and Zone Governance
1147		1182
@@ -1169,15 +1204,6 @@ Internet-Draft The GNU Name System November 2019
1169		1204
1170	GNS clients SHOULD first try to interpret the top-level domain of a	1205	GNS clients SHOULD first try to interpret the top-level domain of a
1171	GNS name as a zone key. For example. if the top-level domain is a	1206	GNS name as a zone key. For example. if the top-level domain is a
1172
1173
1174
1175
1176	Schanzenbach, et al. Expires 13 May 2020 [Page 21]
1177
1178	Internet-Draft The GNU Name System November 2019
1179
1180
1181	Base32-encoded public zone key "zk", the root zone of the resolution	1207	Base32-encoded public zone key "zk", the root zone of the resolution
1182	process is implicitly given by the name:	1208	process is implicitly given by the name:
1183		1209
@@ -1200,6 +1226,14 @@ Internet-Draft The GNU Name System November 2019
1200	=> Entry zone: zk1	1226	=> Entry zone: zk1
1201	=> Name to resolve from entry zone: www.example	1227	=> Name to resolve from entry zone: www.example
1202		1228
		1229
		1230
		1231
		1232	Schanzenbach, et al. Expires 13 May 2020 [Page 22]
		1233
		1234	Internet-Draft The GNU Name System November 2019
		1235
		1236
1203	Finally, additional "suffix to zone" mappings MAY be configured.	1237	Finally, additional "suffix to zone" mappings MAY be configured.
1204	Suffix to zone key mappings SHOULD be configurable through a local	1238	Suffix to zone key mappings SHOULD be configurable through a local
1205	configuration file or database by the user or system administrator.	1239	configuration file or database by the user or system administrator.
@@ -1223,17 +1257,6 @@ Internet-Draft The GNU Name System November 2019
1223		1257
1224	TODO	1258	TODO
1225		1259
1226
1227
1228
1229
1230
1231
1232	Schanzenbach, et al. Expires 13 May 2020 [Page 22]
1233
1234	Internet-Draft The GNU Name System November 2019
1235
1236
1237	10. IANA Considerations	1260	10. IANA Considerations
1238		1261
1239	IANA is requested to create an "GNU Name System Record Type"	1262	IANA is requested to create an "GNU Name System Record Type"
@@ -1254,6 +1277,19 @@ Internet-Draft The GNU Name System November 2019
1254	Served", as described in [RFC8126]. IANA is requested to populate	1277	Served", as described in [RFC8126]. IANA is requested to populate
1255	this registry as follows:	1278	this registry as follows:
1256		1279
		1280
		1281
		1282
		1283
		1284
		1285
		1286
		1287
		1288	Schanzenbach, et al. Expires 13 May 2020 [Page 23]
		1289
		1290	Internet-Draft The GNU Name System November 2019
		1291
		1292
1257	Number \| Type \| Contact \| References	1293	Number \| Type \| Contact \| References
1258	---------+-----------------+---------+---------	1294	---------+-----------------+---------+---------
1259	65536 \| PKEY \| N/A \| [This.I-D]	1295	65536 \| PKEY \| N/A \| [This.I-D]
@@ -1282,14 +1318,6 @@ Internet-Draft The GNU Name System November 2019
1282	zk (public zone key) :=	1318	zk (public zone key) :=
1283	dff911496d025d7e	1319	dff911496d025d7e
1284	0885c03d19153e99	1320	0885c03d19153e99
1285
1286
1287
1288	Schanzenbach, et al. Expires 13 May 2020 [Page 23]
1289
1290	Internet-Draft The GNU Name System November 2019
1291
1292
1293	4f213f23ea719eca	1321	4f213f23ea719eca
1294	17fc32dc410e082e	1322	17fc32dc410e082e
1295		1323
@@ -1310,6 +1338,14 @@ Internet-Draft The GNU Name System November 2019
1310	0017c802f7d32e18	1338	0017c802f7d32e18
1311		1339
1312	q (query key) :=	1340	q (query key) :=
		1341
		1342
		1343
		1344	Schanzenbach, et al. Expires 13 May 2020 [Page 24]
		1345
		1346	Internet-Draft The GNU Name System November 2019
		1347
		1348
1313	6fce4deddc5ad681	1349	6fce4deddc5ad681
1314	f4e29a3310767e3b	1350	f4e29a3310767e3b
1315	8b38bc1b276ce2ba	1351	8b38bc1b276ce2ba
@@ -1339,13 +1375,6 @@ Internet-Draft The GNU Name System November 2019
1339	071be189a9d236f9	1375	071be189a9d236f9
1340	b4a3654bb8c281d4	1376	b4a3654bb8c281d4
1341		1377
1342
1343
1344	Schanzenbach, et al. Expires 13 May 2020 [Page 24]
1345
1346	Internet-Draft The GNU Name System November 2019
1347
1348
1349	RDATA :=	1378	RDATA :=
1350	0000000100059412 RR COUNT \| EXPIRA-	1379	0000000100059412 RR COUNT \| EXPIRA-
1351	09ddea0f00000014 -TION \| DATA SIZE (20)	1380	09ddea0f00000014 -TION \| DATA SIZE (20)
@@ -1365,6 +1394,14 @@ Internet-Draft The GNU Name System November 2019
1365	afc99ba9c5a3bb54	1394	afc99ba9c5a3bb54
1366	07e731a34680ee33	1395	07e731a34680ee33
1367	ae0de7bfeda7d2b7	1396	ae0de7bfeda7d2b7
		1397
		1398
		1399
		1400	Schanzenbach, et al. Expires 13 May 2020 [Page 25]
		1401
		1402	Internet-Draft The GNU Name System November 2019
		1403
		1404
1368	8c6b854a008b1b54	1405	8c6b854a008b1b54
1369	10df4f39f5ba9f46____________	1406	10df4f39f5ba9f46____________
1370	8cb514a56c0eaae0 zk_h	1407	8cb514a56c0eaae0 zk_h
@@ -1393,15 +1430,6 @@ Internet-Draft The GNU Name System November 2019
1393	specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,	1430	specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
1394	November 1987, <https://www.rfc-editor.org/info/rfc1035>.	1431	November 1987, <https://www.rfc-editor.org/info/rfc1035>.
1395		1432
1396
1397
1398
1399
1400	Schanzenbach, et al. Expires 13 May 2020 [Page 25]
1401
1402	Internet-Draft The GNU Name System November 2019
1403
1404
1405	[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for	1433	[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
1406	specifying the location of services (DNS SRV)", RFC 2782,	1434	specifying the location of services (DNS SRV)", RFC 2782,
1407	DOI 10.17487/RFC2782, February 2000,	1435	DOI 10.17487/RFC2782, February 2000,
@@ -1422,6 +1450,14 @@ Internet-Draft The GNU Name System November 2019
1422	DOI 10.17487/RFC3826, June 2004,	1450	DOI 10.17487/RFC3826, June 2004,
1423	<https://www.rfc-editor.org/info/rfc3826>.	1451	<https://www.rfc-editor.org/info/rfc3826>.
1424		1452
		1453
		1454
		1455
		1456	Schanzenbach, et al. Expires 13 May 2020 [Page 26]
		1457
		1458	Internet-Draft The GNU Name System November 2019
		1459
		1460
1425	[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand	1461	[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
1426	Key Derivation Function (HKDF)", RFC 5869,	1462	Key Derivation Function (HKDF)", RFC 5869,
1427	DOI 10.17487/RFC5869, May 2010,	1463	DOI 10.17487/RFC5869, May 2010,
@@ -1450,14 +1486,6 @@ Internet-Draft The GNU Name System November 2019
1450	for Security", RFC 7748, DOI 10.17487/RFC7748, January	1486	for Security", RFC 7748, DOI 10.17487/RFC7748, January
1451	2016, <https://www.rfc-editor.org/info/rfc7748>.	1487	2016, <https://www.rfc-editor.org/info/rfc7748>.
1452		1488
1453
1454
1455
1456	Schanzenbach, et al. Expires 13 May 2020 [Page 26]
1457
1458	Internet-Draft The GNU Name System November 2019
1459
1460
1461	[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital	1489	[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
1462	Signature Algorithm (EdDSA)", RFC 8032,	1490	Signature Algorithm (EdDSA)", RFC 8032,
1463	DOI 10.17487/RFC8032, January 2017,	1491	DOI 10.17487/RFC8032, January 2017,
@@ -1477,6 +1505,15 @@ Internet-Draft The GNU Name System November 2019
1477		1505
1478	Authors' Addresses	1506	Authors' Addresses
1479		1507
		1508
		1509
		1510
		1511
		1512	Schanzenbach, et al. Expires 13 May 2020 [Page 27]
		1513
		1514	Internet-Draft The GNU Name System November 2019
		1515
		1516
1480	Martin Schanzenbach	1517	Martin Schanzenbach
1481	GNUnet e.V.	1518	GNUnet e.V.
1482	Boltzmannstrasse 3	1519	Boltzmannstrasse 3
@@ -1509,4 +1546,23 @@ Authors' Addresses
1509		1546
1510		1547
1511		1548
1512	Schanzenbach, et al. Expires 13 May 2020 [Page 27]	1549
		1550
		1551
		1552
		1553
		1554
		1555
		1556
		1557
		1558
		1559
		1560
		1561
		1562
		1563
		1564
		1565
		1566
		1567
		1568	Schanzenbach, et al. Expires 13 May 2020 [Page 28]