diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 55 |
1 files changed, 43 insertions, 12 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 6cb8bb2..382b641 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -6,9 +6,11 @@ | |||
6 | <!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml"> | 6 | <!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml"> |
7 | <!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml"> | 7 | <!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml"> |
8 | <!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml"> | 8 | <!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml"> |
9 | <!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml"> | ||
9 | <!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml"> | 10 | <!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml"> |
10 | <!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml"> | 11 | <!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml"> |
11 | <!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml"> | 12 | <!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml"> |
13 | <!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml"> | ||
12 | <!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml"> | 14 | <!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml"> |
13 | <!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml"> | 15 | <!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml"> |
14 | <!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml"> | 16 | <!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml"> |
@@ -1152,7 +1154,7 @@ T := 64 /* Tag (=output) length in bytes */ | |||
1152 | p := 1 /* Parallelization parameter */ | 1154 | p := 1 /* Parallelization parameter */ |
1153 | v := 0x13 /* Version */ | 1155 | v := 0x13 /* Version */ |
1154 | y := 0 /* Type (Argon2d) */ | 1156 | y := 0 /* Type (Argon2d) */ |
1155 | X, K is unused | 1157 | X, K are unused |
1156 | ]]></artwork> | 1158 | ]]></artwork> |
1157 | <t> | 1159 | <t> |
1158 | The following is the message string "P" on which the PoW is | 1160 | The following is the message string "P" on which the PoW is |
@@ -1276,7 +1278,9 @@ X, K is unused | |||
1276 | <dt>POW_i</dt> | 1278 | <dt>POW_i</dt> |
1277 | <dd> | 1279 | <dd> |
1278 | The values calculated as part of the PoW. Each POW_i MUST | 1280 | The values calculated as part of the PoW. Each POW_i MUST |
1279 | be unique in the set of POW values. | 1281 | be unique in the set of POW values. To facilitate fast verification |
1282 | of uniqueness, the POW values must be given in strictly | ||
1283 | monotonically increasing order in the message. | ||
1280 | </dd> | 1284 | </dd> |
1281 | <dt>SIGNATURE</dt> | 1285 | <dt>SIGNATURE</dt> |
1282 | <dd> | 1286 | <dd> |
@@ -1450,6 +1454,18 @@ example.com = zk2 | |||
1450 | this document will be issued from time to time to reflect the current | 1454 | this document will be issued from time to time to reflect the current |
1451 | best practices in this area. | 1455 | best practices in this area. |
1452 | </t> | 1456 | </t> |
1457 | <t> | ||
1458 | GNS uses ECDSA over Curve25519. This is an unconventional choice, | ||
1459 | as ECDSA is usually used with other curves. However, traditional | ||
1460 | ECDSA curves are problematic for a range of reasons described in | ||
1461 | the Curve25519 and EdDSA papers. Using EdDSA directly is also | ||
1462 | not possible, as a hash function is used on the private key which | ||
1463 | destroys the linearity that the GNU Name System depends upon. | ||
1464 | We are not aware of anyone suggesting that using Curve25519 instead | ||
1465 | of another common curve of similar size would lower the security of | ||
1466 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) | ||
1467 | keys fit into a single DNS label, which is good for usability. | ||
1468 | </t> | ||
1453 | </section> | 1469 | </section> |
1454 | <section anchor="security_abuse" numbered="true" toc="default"> | 1470 | <section anchor="security_abuse" numbered="true" toc="default"> |
1455 | <name>Abuse mitigation</name> | 1471 | <name>Abuse mitigation</name> |
@@ -1468,6 +1484,7 @@ example.com = zk2 | |||
1468 | However, the same mechanisms can also be abused in order to impose | 1484 | However, the same mechanisms can also be abused in order to impose |
1469 | state censorship, which ist one of the motivations behind GNS. | 1485 | state censorship, which ist one of the motivations behind GNS. |
1470 | Hence, such a seizure is, by design, difficult to impossible in GNS. | 1486 | Hence, such a seizure is, by design, difficult to impossible in GNS. |
1487 | In particular, GNS does not support WHOIS (<xref target="RFC3912" />). | ||
1471 | </t> | 1488 | </t> |
1472 | </section> | 1489 | </section> |
1473 | <section anchor="security_keymanagement" numbered="true" toc="default"> | 1490 | <section anchor="security_keymanagement" numbered="true" toc="default"> |
@@ -1475,11 +1492,13 @@ example.com = zk2 | |||
1475 | <t> | 1492 | <t> |
1476 | In GNS, zone administrators need to manage and protect their zone | 1493 | In GNS, zone administrators need to manage and protect their zone |
1477 | keys. Once a zone key is lost it cannot be recovered. Once it is | 1494 | keys. Once a zone key is lost it cannot be recovered. Once it is |
1478 | compromised it cannot be revoked (unless a revocation was | 1495 | compromised it cannot be revoked (unless a revocation message was |
1479 | pre-calculated and is still available). | 1496 | pre-calculated and is still available). |
1480 | Zone administrators, and for GNS this includes end-users, are | 1497 | Zone administrators, and for GNS this includes end-users, are |
1481 | required to responsibly and dilligently protect their cryptographic | 1498 | required to responsibly and dilligently protect their cryptographic |
1482 | keys. | 1499 | keys. Offline signing is in principle possible, but GNS does not |
1500 | support separate zone signing and key-signing keys | ||
1501 | (as in <xref target="RFC6781" />) in order to provide usable security. | ||
1483 | </t> | 1502 | </t> |
1484 | <t> | 1503 | <t> |
1485 | Similarly, users are required to manage their local root zone. | 1504 | Similarly, users are required to manage their local root zone. |
@@ -1519,16 +1538,16 @@ example.com = zk2 | |||
1519 | key is lost, compromised or replaced in the furture. | 1538 | key is lost, compromised or replaced in the furture. |
1520 | Pre-calculated revocations may become invalid due to expirations | 1539 | Pre-calculated revocations may become invalid due to expirations |
1521 | or protocol changes such as epoch adjustments. | 1540 | or protocol changes such as epoch adjustments. |
1522 | Conseuquently, implementors and users must make precautions in order | 1541 | Consequently, implementors and users must make precautions in order |
1523 | to manage revocations accordingly. | 1542 | to manage revocations accordingly. |
1524 | </t> | 1543 | </t> |
1525 | <t> | 1544 | <t> |
1526 | Revocation payloads do NOT include a 'new' key for key replacement. | 1545 | Revocation payloads do NOT include a 'new' key for key replacement. |
1527 | In inclusion of such a key would have two major disadvantages: | 1546 | Inclusion of such a key would have two major disadvantages: |
1528 | </t> | 1547 | </t> |
1529 | <t> | 1548 | <t> |
1530 | If revocation is used after a private key was compromised, | 1549 | If revocation is used after a private key was compromised, |
1531 | allowing key replacement would be dangerous, because if an | 1550 | allowing key replacement would be dangerous: if an |
1532 | adversary took over the private key, the adversary could then | 1551 | adversary took over the private key, the adversary could then |
1533 | broadcast a revocation with a key replacement. For the replacement, | 1552 | broadcast a revocation with a key replacement. For the replacement, |
1534 | the compromised owner would have no chance to issue even a | 1553 | the compromised owner would have no chance to issue even a |
@@ -1548,11 +1567,11 @@ example.com = zk2 | |||
1548 | </t> | 1567 | </t> |
1549 | </section> | 1568 | </section> |
1550 | </section> | 1569 | </section> |
1551 | <section anchor="iana" numbered="true" toc="default"> | 1570 | <section anchor="gana" numbered="true" toc="default"> |
1552 | <name>GANA Considerations</name> | 1571 | <name>GANA Considerations</name> |
1553 | <t> | 1572 | <t> |
1554 | GANA is requested to create an "GNU Name System Record Types" registry. | 1573 | GANA is requested to create an "GNU Name System Record Types" registry. |
1555 | The registry shall record for each entry: | 1574 | The registry shall record for each entry: |
1556 | </t> | 1575 | </t> |
1557 | <ul> | 1576 | <ul> |
1558 | <li>Name: The name of the record type (case-insensitive ASCII | 1577 | <li>Name: The name of the record type (case-insensitive ASCII |
@@ -1581,11 +1600,21 @@ Number | Name | Contact | References | Description | |||
1581 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS | 1600 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS |
1582 | 65541 | BOX | N/A | [This.I-D] | Boxed record | 1601 | 65541 | BOX | N/A | [This.I-D] | Boxed record |
1583 | ]]></artwork> | 1602 | ]]></artwork> |
1584 | <!-- <postamble>which is a very simple example.</postamble>--> | ||
1585 | </figure> | 1603 | </figure> |
1586 | 1604 | <t> | |
1605 | GANA is requested to amend the "GNUnet Signature Purpose" registry | ||
1606 | as follows: | ||
1607 | </t> | ||
1608 | <figure anchor="figure_purposenums"> | ||
1609 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1610 | Purpose | Name | References | Description | ||
1611 | --------+-----------------+------------+-------------------------- | ||
1612 | 3 | GNS_REVOCATION | [This.I-D] | GNS zone key revocation | ||
1613 | 15 | GNS_RECORD_SIGN | [This.I-D] | GNS record set signature | ||
1614 | ]]></artwork> | ||
1615 | </figure> | ||
1587 | </section> | 1616 | </section> |
1588 | <!-- iana --> | 1617 | <!-- gana --> |
1589 | <section> | 1618 | <section> |
1590 | <name>Test Vectors</name> | 1619 | <name>Test Vectors</name> |
1591 | <t> | 1620 | <t> |
@@ -1677,9 +1706,11 @@ an1xB0eaIb6bSkuJ8aabl+3b3YBvYkMPu1XRVt+YpCM= | |||
1677 | &RFC2119; | 1706 | &RFC2119; |
1678 | &RFC3629; | 1707 | &RFC3629; |
1679 | &RFC3826; | 1708 | &RFC3826; |
1709 | &RFC3912; | ||
1680 | &RFC5869; | 1710 | &RFC5869; |
1681 | &RFC5890; | 1711 | &RFC5890; |
1682 | &RFC5891; | 1712 | &RFC5891; |
1713 | &RFC6781; | ||
1683 | &RFC6895; | 1714 | &RFC6895; |
1684 | &RFC6979; | 1715 | &RFC6979; |
1685 | &RFC7748; | 1716 | &RFC7748; |