diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index dfdde70..26d0d70 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -87,6 +87,7 @@ | |||
| 87 | GNS is a decentralized and censorship-resistant name | 87 | GNS is a decentralized and censorship-resistant name |
| 88 | system that provides a privacy-enhancing alternative to the Domain | 88 | system that provides a privacy-enhancing alternative to the Domain |
| 89 | Name System (DNS). | 89 | Name System (DNS). |
| 90 | <!-- GNS is more. it is also extensible and more flexible --> | ||
| 90 | </t> | 91 | </t> |
| 91 | <t> | 92 | <t> |
| 92 | This document defines the normative wire format of resource records, | 93 | This document defines the normative wire format of resource records, |
| @@ -118,7 +119,7 @@ | |||
| 118 | and integrity of information on the Internet. | 119 | and integrity of information on the Internet. |
| 119 | </t> | 120 | </t> |
| 120 | <t> | 121 | <t> |
| 121 | DNS was not designed with security as a goal. This makes it very | 122 | DNS was not designed with security in mind. This makes it very |
| 122 | vulnerable, especially to attackers that have the technical capabilities | 123 | vulnerable, especially to attackers that have the technical capabilities |
| 123 | of an entire nation state at their disposal. | 124 | of an entire nation state at their disposal. |
| 124 | While a wider discussion of this issue is out of scope for this document, | 125 | While a wider discussion of this issue is out of scope for this document, |
| @@ -228,7 +229,12 @@ | |||
| 228 | <dt>Blinded Zone Key</dt> | 229 | <dt>Blinded Zone Key</dt> |
| 229 | <dd> | 230 | <dd> |
| 230 | A blinded zone key is derived from the zone key and a label. | 231 | A blinded zone key is derived from the zone key and a label. |
| 231 | The zone key and the blinded zone key are unlinkable without knowing the label. | 232 | The zone key and the blinded zone key are unlinkable without knowledge of the label. |
| 233 | </dd> | ||
| 234 | <dt>Zone Key Derivation Function</dt> | ||
| 235 | <dd> | ||
| 236 | The zone key derivation function (ZKDF) blinds a key using a label. | ||
| 237 | There are different functions for public and private keys, respectively. | ||
| 232 | </dd> | 238 | </dd> |
| 233 | <dt>Zone Owner</dt> | 239 | <dt>Zone Owner</dt> |
| 234 | <dd> | 240 | <dd> |
| @@ -352,7 +358,7 @@ | |||
| 352 | <dl> | 358 | <dl> |
| 353 | <dt>KeyGen() -> d, zk</dt> | 359 | <dt>KeyGen() -> d, zk</dt> |
| 354 | <dd> | 360 | <dd> |
| 355 | is a function to generate a fresh private key d and | 361 | is a function to generate a new private key d and |
| 356 | the corresponding public zone key zk. | 362 | the corresponding public zone key zk. |
| 357 | </dd> | 363 | </dd> |
| 358 | <dt>ZKDF-Private(d,label) -> d'</dt> | 364 | <dt>ZKDF-Private(d,label) -> d'</dt> |
| @@ -368,22 +374,22 @@ | |||
| 368 | is a zone key derivation function which blinds a zone key zk | 374 | is a zone key derivation function which blinds a zone key zk |
| 369 | using a label. zk and zk' must be unlinkable. Furthermore, | 375 | using a label. zk and zk' must be unlinkable. Furthermore, |
| 370 | blinding zk with different values for the label must result | 376 | blinding zk with different values for the label must result |
| 371 | in unlinkable zk' values. | 377 | in different, unlinkable zk' values. |
| 372 | </dd> | 378 | </dd> |
| 373 | <dt>S-Encrypt(zk,label,nonce,expiration,message) -> ciphertext</dt> | 379 | <dt>S-Encrypt(zk,label,expiration,message) -> ciphertext</dt> |
| 374 | <dd> | 380 | <dd> |
| 375 | is a symmetric encryption function which encrypts the record | 381 | is a symmetric encryption function which encrypts the record |
| 376 | data based on key material derived from the zone key, | 382 | data based on key material derived from the zone key, |
| 377 | a label, a nonce and an expiration. | 383 | a label, and an expiration timestamp. |
| 378 | In order to leverage performance-enhancing caching features of certain | 384 | In order to leverage performance-enhancing caching features of certain |
| 379 | underlying storages, in particular DHTs, a deterministic encryption | 385 | underlying storages, in particular DHTs, a deterministic encryption |
| 380 | scheme is recommended. | 386 | scheme is recommended. |
| 381 | </dd> | 387 | </dd> |
| 382 | <dt>S-Decrypt(zk,label,nonce,expiration,ciphertext) -> message</dt> | 388 | <dt>S-Decrypt(zk,label,expiration,ciphertext) -> message</dt> |
| 383 | <dd> | 389 | <dd> |
| 384 | is a symmetric decryption function which decrypts the encrypted record | 390 | is a symmetric decryption function which decrypts the encrypted record |
| 385 | data based on key material derived from the zone key, | 391 | data based on key material derived from the zone key, |
| 386 | a label, a nonce and an expiration. | 392 | a label, and an expiration timestamp. |
| 387 | </dd> | 393 | </dd> |
| 388 | <dt>Sign(d,message) -> signature, Sign(d',message) -> signature</dt> | 394 | <dt>Sign(d,message) -> signature, Sign(d',message) -> signature</dt> |
| 389 | <dd> | 395 | <dd> |
| @@ -508,7 +514,7 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62] | |||
| 508 | published. | 514 | published. |
| 509 | This message MUST be signed using the private key. | 515 | This message MUST be signed using the private key. |
| 510 | The revocation message is broadcast to the network. | 516 | The revocation message is broadcast to the network. |
| 511 | The specification of the broadcast mechanism is out of scope of this | 517 | The specification of the broadcast mechanism is out of scope for this |
| 512 | document. | 518 | document. |
| 513 | A possible broadcast mechanism for efficient flooding in a distributed | 519 | A possible broadcast mechanism for efficient flooding in a distributed |
| 514 | network is implemented in <xref target="GNUnet"/>. | 520 | network is implemented in <xref target="GNUnet"/>. |
| @@ -1047,6 +1053,19 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
| 1047 | ]]></artwork> | 1053 | ]]></artwork> |
| 1048 | </figure> | 1054 | </figure> |
| 1049 | <t>The Block Counter Wire Format.</t> | 1055 | <t>The Block Counter Wire Format.</t> |
| 1056 | <figure anchor="figure_senc_pkey"> | ||
| 1057 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
| 1058 | S-Encrypt(zk,label,expiration,message): | ||
| 1059 | PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk) | ||
| 1060 | PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk) | ||
| 1061 | K := HKDF-Expand (PRK_k, label, 256 / 8); | ||
| 1062 | NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | ||
| 1063 | IV := NONCE | expiration | 0x0000000000000001 | ||
| 1064 | CIPHERTEXT := CTR-AES256(K, IV, DATA) | ||
| 1065 | DATA := CTR-AES256(K, IV, CIPHERTEXT) | ||
| 1066 | ]]></artwork> | ||
| 1067 | </figure> | ||
| 1068 | <t>The PKEY S-Encrypt Procedure.</t> | ||
| 1050 | </section> | 1069 | </section> |
| 1051 | <section anchor="gnsrecords_edkey" numbered="true" toc="default"> | 1070 | <section anchor="gnsrecords_edkey" numbered="true" toc="default"> |
| 1052 | <name>EDKEY</name> | 1071 | <name>EDKEY</name> |