Diffstat (limited to 'draft-schanzen-gns.txt')
-rw-r--r-- | draft-schanzen-gns.txt | 68 |
1 files changed, 34 insertions, 34 deletions
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index baa1f7d..dd3d682 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt | |||
@@ -92,9 +92,10 @@ Table of Contents | |||
92 | A zone in GNS is defined by a public/private ECC key pair (x,y), | 92 | A zone in GNS is defined by a public/private ECC key pair (x,y), |
93 | where x is the private key and y the public key. The keys are | 93 | where x is the private key and y the public key. The keys are |
94 | constructed using the Curve25519 ECC scheme as defined in [RFC7748]. | 94 | constructed using the Curve25519 ECC scheme as defined in [RFC7748]. |
95 | The schemes defines that "y := x*P". The public key is used to | 95 | The schemes defines that "y := x*P" where "P" is the generator of the |
96 | uniquely identify and refer to the zone. Records published in the | 96 | respective elliptic curve. The public key "y" is used to uniquely |
97 | zone are signed using a private key derived from the private key as | 97 | identify and refer to the zone. Records published in the zone are |
98 | signed using a private key derived from the private key "d" as | ||
98 | described in Section 4. | 99 | described in Section 4. |
99 | 100 | ||
100 | 3. Resource records | 101 | 3. Resource records |
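Review bot: In the rewritten sentence at new lines 97-98, 'a private key derived from the private key "d"' labels the wrong key. Line 93 names the zone's private key "x", and the derivation hunk further down defines "d" as the derived value (d := h*x mod p). Suggest 'signed using a private key "d" derived from the zone private key "x" as described in Section 4.' While this paragraph is being touched, 'The schemes defines' on line 95 should read 'The scheme defines'.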
@@ -108,7 +109,6 @@ Table of Contents | |||
108 | 109 | ||
109 | 110 | ||
110 | 111 | ||
111 | |||
112 | Schanzenbach Expires 24 January 2020 [Page 2] | 112 | Schanzenbach Expires 24 January 2020 [Page 2] |
113 | 113 | ||
114 | Internet-Draft The GNU Name System July 2019 | 114 | Internet-Draft The GNU Name System July 2019 |
@@ -140,7 +140,8 @@ Internet-Draft The GNU Name System July 2019 | |||
140 | 140 | ||
141 | TYPE The resource record type. This type can be one of the GNS | 141 | TYPE The resource record type. This type can be one of the GNS |
142 | resource records as defined in Section 3.2 or a DNS record type as | 142 | resource records as defined in Section 3.2 or a DNS record type as |
143 | defined in [RFC1035]. | 143 | defined in [RFC1035] or any of the complementary standardized DNS |
144 | resource record types. | ||
144 | 145 | ||
145 | FLAGS Resource record flags. Flags are defined in Section 3.1. | 146 | FLAGS Resource record flags. Flags are defined in Section 3.1. |
146 | 147 | ||
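Review bot: The clause added at new lines 143-144, 'any of the complementary standardized DNS resource record types', gives an implementer nothing to check a TYPE value against. Suggest naming the registry or documents meant (for example the IANA registry of DNS resource record TYPEs) in place of 'complementary standardized', and stating how a resolver treats a TYPE value it does not recognize.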
@@ -155,13 +156,12 @@ Internet-Draft The GNU Name System July 2019 | |||
155 | 156 | ||
156 | The a PKEY DATA entry has the following format: | 157 | The a PKEY DATA entry has the following format: |
157 | 158 | ||
158 | 0 8 16 24 32 40 48 56 | 159 | |
159 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 160 | |
160 | | PUBLIC KEY | | 161 | |
161 | | | | 162 | |
162 | | | | 163 | |
163 | | | | 164 | |
164 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
165 | 165 | ||
166 | 166 | ||
167 | 167 | ||
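Review bot: The context line that introduces the figure, 'The a PKEY DATA entry has the following format:', still carries a stray article, and after this change the diagram it introduces is moved to the next page, leaving the sentence at new line 157 followed only by blank lines. Suggest 'A PKEY DATA entry has the following format:' and keeping the sentence on the same page as the diagram.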
@@ -170,6 +170,14 @@ Schanzenbach Expires 24 January 2020 [Page 3] | |||
170 | Internet-Draft The GNU Name System July 2019 | 170 | Internet-Draft The GNU Name System July 2019 |
171 | 171 | ||
172 | 172 | ||
173 | 0 8 16 24 32 40 48 56 | ||
174 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
175 | | PUBLIC KEY | | ||
176 | | | | ||
177 | | | | ||
178 | | | | ||
179 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
180 | |||
173 | Figure 2 | 181 | Figure 2 |
174 | 182 | ||
175 | 4. Publishing records | 183 | 4. Publishing records |
@@ -213,14 +221,6 @@ Internet-Draft The GNU Name System July 2019 | |||
213 | 221 | ||
214 | 222 | ||
215 | 223 | ||
216 | |||
217 | |||
218 | |||
219 | |||
220 | |||
221 | |||
222 | |||
223 | |||
224 | Schanzenbach Expires 24 January 2020 [Page 4] | 224 | Schanzenbach Expires 24 January 2020 [Page 4] |
225 | 225 | ||
226 | Internet-Draft The GNU Name System July 2019 | 226 | Internet-Draft The GNU Name System July 2019 |
@@ -289,21 +289,24 @@ Internet-Draft The GNU Name System July 2019 | |||
289 | 289 | ||
290 | Given a GNS record block a symmetric encryption scheme is used to | 290 | Given a GNS record block a symmetric encryption scheme is used to |
291 | en-/decrypt "BDATA". The keys are derived from the record label "l" | 291 | en-/decrypt "BDATA". The keys are derived from the record label "l" |
292 | and a public key "dG", where "d" is an ECDSA private key and "G" is a | 292 | and a public key "d*P", where "d" is an ECDSA private key and "P" is |
293 | EC generator. "d" and "dG" are derived from the public/private key | 293 | the EC generator. "d" and "dG" are derived from the public/private |
294 | pair "x,P" of a GNS zone. Both "l" and "P" are implicity known by | 294 | key pair "x,y" of a GNS zone. Both "l" and "P" are implicity known |
295 | the GNS resolver. The key material "K" and initialization vector | 295 | by the GNS resolver. The key material "K" and initialization vector |
296 | "IV" are derived as follows: | 296 | "IV" are derived as follows: |
297 | 297 | ||
298 | h := sha512 (l,y) | 298 | h := HKDF ("key-derivation", l|y|"gns") |
299 | d := h*x mod n | 299 | d := h*x mod p |
300 | K := HKDF (dG,l,"gns-aes-ctx-key") | 300 | K := HKDF (d*P, l|"gns-aes-ctx-key") |
301 | IV := HKDF (dG,l,"gns-aes-ctx-iv") | 301 | IV := HKDF (d*P, l|"gns-aes-ctx-iv") |
302 | 302 | ||
303 | "HKDF" is a hash-based key derivation function as defined in | 303 | "HKDF" is a hash-based key derivation function as defined in |
304 | [RFC5869]. For the XTR, we use HMAC-SHA512 and HMAC-SHA256 in PRF as | 304 | [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC- |
305 | proposed in (paper). We divide "K" into a 256-bit AES key "Kaes" and | 305 | SHA256 for the expansion phase as proposed in (paper). The first |
306 | a 256-bit TWOFISH key "Ktwo". | 306 | argument for HKDF is the salt and the second argument is the |
307 | concatenated, serialized source key material. We divide the | ||
308 | resulting 512-bit "K" into a 256-bit AES key "Kaes" and a 256-bit | ||
309 | TWOFISH key "Ktwo": | ||
307 | 310 | ||
308 | 0 8 16 24 32 40 48 56 | 311 | 0 8 16 24 32 40 48 56 |
309 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 312 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
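Review bot: The G-to-P rename is incomplete in the paragraph at new lines 292-295: '"d" and "dG" are derived' still uses the old notation, and 'Both "l" and "P" are implicity known' now says the resolver knows the generator, whereas the value fed into h is the zone key "y". Suggest '"d" and "d*P" are derived from the public/private key pair "x,y"' and 'Both "l" and "y" are implicitly known'. In 'd := h*x mod p' the modulus "p" is not defined in the visible text; since "d" is a scalar applied to "P", state explicitly that the modulus is the order of "P" so it cannot be read as the field prime. With the argument order the new prose gives (salt first, source key material second), K and IV use the public value d*P as salt and the label as key material, while h uses the constant "key-derivation" as salt; please confirm that asymmetry is intended. None of the h, K or IV lines states an output length, although the text then relies on a 512-bit "K", and '(paper)' is still a placeholder citation.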
@@ -330,9 +333,6 @@ Internet-Draft The GNU Name System July 2019 | |||
330 | 333 | ||
331 | 334 | ||
332 | 335 | ||
333 | |||
334 | |||
335 | |||
336 | Schanzenbach Expires 24 January 2020 [Page 6] | 336 | Schanzenbach Expires 24 January 2020 [Page 6] |
337 | 337 | ||
338 | Internet-Draft The GNU Name System July 2019 | 338 | Internet-Draft The GNU Name System July 2019 |