Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- draft-schanzen-gns.xml 63
1 files changed, 49 insertions, 14 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 7658fa2..a4d94e6 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1611,10 +1611,8 @@ q := SHA-512 (ZKDF-Public(zk, label))
1611 <dl> 1611 <dl>
1612 <dt>SIZE</dt> 1612 <dt>SIZE</dt>
1613 <dd> 1613 <dd>
1614 A 32-bit value containing the length of the signed data following the 1614 A 32-bit value containing the length of the block.
1615 PUBLIC KEY field in network byte order. This value always includes the 1615 While a 32-bit value is used,
1616 length of the fields SIZE (4), PURPOSE (4) and EXPIRATION (8) in
1617 addition to the length of the BDATA. While a 32-bit value is used,
1618 implementations MAY refuse to publish blocks beyond a certain 1616 implementations MAY refuse to publish blocks beyond a certain
1619 size significantly below 4 GB. 1617 size significantly below 4 GB.
1620 </dd> 1618 </dd>
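Review bot: The new SIZE wording, "the length of the block", no longer says which fields are counted. The removed text spelled out that SIZE, PURPOSE and EXPIRATION were included in addition to BDATA; the replacement should be just as explicit about whether "block" covers the whole RRBLOCK, including the PUBLIC KEY and SIGNATURE fields and SIZE itself, so that independent parsers agree on where the block ends and can bounds-check against it.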
@@ -1630,19 +1628,13 @@ q := SHA-512 (ZKDF-Public(zk, label))
1630 </dd> 1628 </dd>
1631 <dt>SIGNATURE</dt> 1629 <dt>SIGNATURE</dt>
1632 <dd> 1630 <dd>
1633 The signature is computed over the data following 1631 The signature is computed over the EXPIRATION and BDATA fields
1634 this field. The length and format of the signature depends on the ztype. 1632 as detailed in <xref target="figure_rrsigwithpseudo"/>.
1633 The length and format of the signature depends on the ztype.
1635 The signature is created using the Sign() function of 1634 The signature is created using the Sign() function of
1636 the cryptosystem of the zone and the derived private key 1635 the cryptosystem of the zone and the derived private key
1637 "ZKDF-Private(d, label)" (see <xref target="zones" />). 1636 "ZKDF-Private(d, label)" (see <xref target="zones" />).
1638 </dd> 1637 </dd>
1639 <!--<dt>PURPOSE</dt>
1640 <dd>
1641 A 32-bit signature purpose flag. For a RRBLOCK the value of this
1642 field MUST be 15. The value is encoded in network byte order.
1643 The value of this field corresponds to an entry in the
1644 GANA "GNUnet Signature Purpose" registry.
1645 </dd>FIXME: We need the signature wire format -->
1646 <dt>EXPIRATION</dt> 1638 <dt>EXPIRATION</dt>
1647 <dd> 1639 <dd>
1648 Specifies when the RRBLOCK expires and the encrypted block 1640 Specifies when the RRBLOCK expires and the encrypted block
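Review bot: In the SIGNATURE entry, "computed over the EXPIRATION and BDATA fields" does not match the figure it references, where the signed data begins with SIZE and PURPOSE before EXPIRATION and BDATA. Suggest wording along the lines of "computed over the pseudo header, EXPIRATION and BDATA as detailed in ...", so an implementer who reads only this entry does not sign or verify the wrong byte range.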
@@ -1659,9 +1651,52 @@ q := SHA-512 (ZKDF-Public(zk, label))
1659 </dd> 1651 </dd>
1660 <dt>BDATA</dt> 1652 <dt>BDATA</dt>
1661 <dd> 1653 <dd>
1662 The encrypted RDATA with a total size of SIZE - 16. 1654 The encrypted RDATA. Its size is determined by the S-Encrypt()
1655 function of the ztype.
1656 </dd>
1657 </dl>
1658 <t>
1659 The signature over the public key covers a 32-bit pseudo header
1660 conceptually prefixed to the EXPIRATION and the BDATA fields.
1661 The wire format is illustrated
1662 in <xref target="figure_rrsigwithpseudo"/>.
1663 </t>
1664 <figure anchor="figure_rrsigwithpseudo">
1665 <artwork name="" type="" align="left" alt=""><![CDATA[
16660 8 16 24 32 40 48 56
1667+-----+-----+-----+-----+-----+-----+-----+-----+
1668| SIZE | PURPOSE (0x0F) |
1669+-----+-----+-----+-----+-----+-----+-----+-----+
1670| EXPIRATION |
1671+-----+-----+-----+-----+-----+-----+-----+-----+
1672| BDATA |
1673/ /
1674/ /
1675+-----+-----+-----+-----+-----+-----+-----+-----+
1676 ]]></artwork>
1677 </figure>
1678 <t>The Wire Format of the for Signing.</t>
1679 <dl>
1680 <dt>SIZE</dt>
1681 <dd>
1682 A 32-bit value containing the length of the signed data in bytes
1683 in network byte order.
1663 </dd> 1684 </dd>
1685 <dt>PURPOSE</dt>
1686 <dd>
1687 A 32-bit signature purpose flag. For a RRBLOCK the value of this
1688 field MUST be 15. The value is encoded in network byte order.
1689 The value of this field corresponds to an entry in the
1690 GANA "GNUnet Signature Purpose" registry.
1691 </dd>
1692 <dt>EXPIRATION</dt>
1693 <dd>
1694 Field as defined in the RRBLOCK message above.
1695 </dd>
1696 <dt>BDATA</dt>
1697 <dd>Field as defined in the RRBLOCK message above.</dd>
1664 </dl> 1698 </dl>
1699
1665 <t> 1700 <t>
1666 A symmetric encryption scheme is used to encrypt the resource records 1701 A symmetric encryption scheme is used to encrypt the resource records
1667 set RDATA into the BDATA field of a GNS RRBLOCK. 1702 set RDATA into the BDATA field of a GNS RRBLOCK.