Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 261 |
1 files changed, 126 insertions, 135 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 49851ab..0b3f691 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -164,9 +164,9 @@ | |||
164 | being published by its owner for resolution by other parties. | 164 | being published by its owner for resolution by other parties. |
165 | Records are grouped by their label, and encrypted using an encryption | 165 | Records are grouped by their label, and encrypted using an encryption |
166 | key derived from the label and the zone public key (see <xref target="records_block"/>). | 166 | key derived from the label and the zone public key (see <xref target="records_block"/>). |
167 | Instead of the zone private key d, the signature MUST | 167 | Instead of the zone private key d, a GNS zone MUST support the creation |
168 | be created using a blinded public/private key pair. | 168 | of signatures using a blinded public/private key pair. |
169 | This blinding is realized using a deterministic key | 169 | This blinding is commonly realized using a deterministic key |
170 | derivation scheme. | 170 | derivation scheme. |
171 | Such a scheme allows the deterministic derivation of keys from | 171 | Such a scheme allows the deterministic derivation of keys from |
172 | the original public and private zone keys using record label values. | 172 | the original public and private zone keys using record label values. |
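Review bot: the rewrite at 167-168 weakens a normative requirement without saying so. The old text required that the signature be created using a blinded key pair; the new text only requires that a zone "support the creation" of such signatures, which reads as permitting an implementation to also sign blocks with the unblinded zone key d and thereby link the published block to the zone. If published blocks are still always meant to be signed with the blinded key, keep "MUST be created". Likewise "commonly realized" at 169 is descriptive rather than normative; state whether a zone type MUST use a deterministic derivation scheme, since a resolver depends on reproducing the derivation from the label alone.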
@@ -183,45 +183,88 @@ | |||
183 | without disclosing the originating zone. | 183 | without disclosing the originating zone. |
184 | </t> | 184 | </t> |
185 | <t> | 185 | <t> |
186 | Based on the above, the following variables are associated with a zone in GNS: | 186 | Based on the above, the following variables are associated with a zone in |
187 | GNS and used in the following throughout this specification. | ||
187 | </t> | 188 | </t> |
189 | <section anchor="ztype" numbered="true" toc="default"> | ||
190 | <name>Zone Type</name> | ||
191 | <t> | ||
192 | The Zone Type ztype is the unique zone type of the zone as registered | ||
193 | in the GNUnet Assigned Numbers Authority <xref target="GANA" />. | ||
194 | The Zone Type determines which cryptosystem is used for the | ||
195 | asymmetric and symmetric key operations of the zone. | ||
196 | The zone type is identified by a 32-bit number. | ||
197 | It always corresponds to a resource record type number identifying a | ||
198 | delegation into a zone of this type. | ||
199 | </t> | ||
200 | <t> | ||
201 | For any zone, d is the private zone key. zk is the public zone key. | ||
202 | The specific formats depends on the Zone Type. | ||
203 | The default zone delegation record types are specified in | ||
204 | <xref target="rrecords"/>. | ||
205 | New Zone Types may be specified in the future, for example if the | ||
206 | cryptographic mechanisms used in this document are broken. | ||
207 | Any Zone Type MUST define the following set of cryptographic functions: | ||
208 | </t> | ||
188 | <dl> | 209 | <dl> |
189 | <dt>ztype</dt> | 210 | <dt>Private-KeyGen() -> d</dt> |
190 | <dd> | 211 | <dd> |
191 | is the unique zone type of the zone as registered in the | 212 | is a function to generate a fresh private zone key d. |
192 | GNUnet Assigned Numbers Authority <xref target="GANA" />. | ||
193 | The zone type determines which cryptosystem is used for the | ||
194 | asymmetric and symmetric key operations of the zone. A 32-bit number. | ||
195 | </dd> | 213 | </dd> |
196 | <dt>d</dt> | 214 | <dt>Public-KeyGen(d) -> zk</dt> |
197 | <dd> | 215 | <dd> |
198 | is the private zone key. The specific format depends on the zone type. | 216 | is a function to derive a public zone key zk from a private key d. |
199 | </dd> | 217 | </dd> |
200 | <dt>zk</dt> | 218 | <dt>ZKDF-Private(d,label) -> d'</dt> |
201 | <dd> | 219 | <dd> |
202 | is the public zone key. The specific format depends on the zone type. | 220 | is a zone key derivation function which blinds a private zone key d |
221 | using label, resulting in another private key which | ||
222 | can be used to create cryptographic signatures. | ||
203 | </dd> | 223 | </dd> |
204 | <dt>zid</dt> | 224 | <dt>ZKDF-Public(zk,label) -> zk'</dt> |
205 | <dd> | 225 | <dd> |
206 | is the zone identifier, a unique public identifier of a zone. | 226 | is a zone key derivation function which blinds a public zone key zk |
207 | It consists of the ztype and the public zone key zk. | 227 | using a label. zk and zk' must be unlinkable. Furthermore, |
228 | blinding zk with different values for the label must result | ||
229 | in unlinkable different resulting values for zk'. | ||
208 | </dd> | 230 | </dd> |
209 | <dt>zkl</dt> | 231 | <dt>S-Encrypt(zk,label,nonce,expiration,rdata) -> bdata</dt> |
210 | <dd> | 232 | <dd> |
211 | is the zone key label. It is a string representation of the zone identifier. | 233 | is a deterministic symmetric encryption function which encrypts the record |
234 | data rdata based on key material derived from the public zone key, | ||
235 | a label, a nonce and an expiration. | ||
236 | In order to leverage performance-enhancing caching features of certain | ||
237 | underlying storages, in particular DHTs, a deterministic encryption | ||
238 | scheme is recommended. | ||
212 | </dd> | 239 | </dd> |
213 | <dt>zTLD</dt> | 240 | <dt>S-Decrypt(zk,label,nonce,expiration,bdata) -> rdata</dt> |
214 | <dd> | 241 | <dd> |
215 | is the Zone Top-Level Domain. It is a string which encodes the zone key | 242 | is a symmetric encryption function which decrypts the encrypted record |
216 | label into a domain name. | 243 | data bdata based on key material derived from the public zone key, |
217 | The zTLD is used as a globally unique reference to a specific | 244 | a label, a nonce an expiration. |
218 | namespace in the process of name resolution. | 245 | </dd> |
246 | <dt>Sign(d',bdata) -> sig</dt> | ||
247 | <dd> | ||
248 | is a function to sign bdata using the (blinded) private key | ||
249 | d', yielding an unforgable cryptographic signature. | ||
250 | </dd> | ||
251 | <dt>Verify(zk',bdata,sig) -> valid</dt> | ||
252 | <dd> | ||
253 | is a function to verify the signature sig was created by | ||
254 | the a private key d' derived from d and a label if | ||
255 | zk' was derived from the corresponding zone key | ||
256 | zk := Public-Keygen(d) and same label. | ||
257 | The function returns a boolean value of "TRUE" if the signature is valid, | ||
258 | and otherwise "FALSE". | ||
219 | </dd> | 259 | </dd> |
220 | </dl> | 260 | </dl> |
261 | </section> | ||
221 | <section anchor="zid" numbered="true" toc="default"> | 262 | <section anchor="zid" numbered="true" toc="default"> |
222 | <name>Zone ID</name> | 263 | <name>Zone ID</name> |
223 | <t> | 264 | |
224 | The Zone ID wire format is illustrated in <xref target="figure_zid"/>. | 265 | <t>The Zone ID zid is a unique public identifier of a zone. |
266 | It consists of the ztype and the public zone key zk. | ||
267 | The wire format is illustrated in <xref target="figure_zid"/>. | ||
225 | </t> | 268 | </t> |
226 | <figure anchor="figure_zid"> | 269 | <figure anchor="figure_zid"> |
227 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 270 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
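Review bot: the S-Encrypt definition at 231-238 contradicts itself: it is introduced as "a deterministic symmetric encryption function" and then closes with "a deterministic encryption scheme is recommended". Decide whether determinism is a requirement or a recommendation and phrase both sentences accordingly; if it is only recommended, drop "deterministic" from the definition line. Smaller points in the same hunk: "The specific formats depends" (202) should be "The specific formats depend"; "a nonce an expiration" (244) is missing "and"; "unforgable" (249) should be "unforgeable"; "the a private key" (254) has a stray article; "Public-Keygen" (256) should match the "Public-KeyGen" spelling at 214; and ZKDF-Public (224-229) should say from whose perspective zk and zk' must be unlinkable, namely for a party that does not know the label, since anyone holding zk and the label can recompute zk'.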
@@ -233,18 +276,27 @@ | |||
233 | / / | 276 | / / |
234 | ]]></artwork> | 277 | ]]></artwork> |
235 | </figure> | 278 | </figure> |
236 | <t> | 279 | </section> |
237 | The zone key label is derived from the zone identifier using the Crockford Base32 | 280 | <section anchor="zTLD" numbered="true" toc="default"> |
238 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to | 281 | <name>Zone Top-Level Domain</name> |
239 | the same Base32 value as the letter "V" in order to further increase | 282 | |
240 | tolerance for failures in character recognition. | 283 | <t> |
241 | The encoding and decoding symbols for Crockford Base32 including this modification are defined in | 284 | The zTLD is the Zone Top-Level Domain. |
242 | <xref target="CrockfordB32Encode"/>. | 285 | It is a string which encodes the zone key into a domain name. |
243 | The functions for encoding and decoding based on this table are called | 286 | The zTLD is used as a globally unique reference to a specific |
244 | GNSCrockfordEncode and GNSCrockfordDecode, respectively. | 287 | namespace in the process of name resolution. |
245 | </t> | 288 | To encode the zone key, a zone key label zkl is derived from the Zone |
246 | <figure anchor="CrockfordB32Encode"> | 289 | ID using the Crockford Base32 |
247 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 290 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to |
291 | the same Base32 value as the letter "V" in order to further increase | ||
292 | tolerance for failures in character recognition. | ||
293 | The encoding and decoding symbols for Crockford Base32 including this modification are defined in | ||
294 | <xref target="CrockfordB32Encode"/>. | ||
295 | The functions for encoding and decoding based on this table are called | ||
296 | GNSCrockfordEncode and GNSCrockfordDecode, respectively. | ||
297 | </t> | ||
298 | <figure anchor="CrockfordB32Encode"> | ||
299 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
248 | Symbol Decode Encode | 300 | Symbol Decode Encode |
249 | Value Symbol Symbol | 301 | Value Symbol Symbol |
250 | 0 0 O o 0 | 302 | 0 0 O o 0 |
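Review bot: line 285 says the zTLD "encodes the zone key into a domain name", but 288-289 in the same paragraph derive zkl from the Zone ID (ztype plus zk), and the resolver text further down relies on the rightmost label carrying the zone type. Say "encodes the Zone ID" at 285 so the three statements agree; the previous "zone key label" wording was at least consistent with how zkl is defined.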
@@ -280,95 +332,33 @@ Value Symbol Symbol | |||
280 | 30 Y y Y | 332 | 30 Y y Y |
281 | 31 Z z Z | 333 | 31 Z z Z |
282 | ]]></artwork> | 334 | ]]></artwork> |
283 | </figure> | 335 | </figure> |
284 | <t> | 336 | <t> |
285 | The Base32-Crockford Alphabet Including the Additional U Encode Symbol. | 337 | The Base32-Crockford Alphabet Including the Additional U Encode Symbol. |
286 | </t> | 338 | </t> |
287 | <t> | 339 | <t> |
288 | For the string representation of a zone identifier we define: | 340 | For the string representation of a zone identifier we define: |
289 | </t> | 341 | </t> |
290 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 342 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
291 | zkl := GNSCrockfordEncode(zid) | 343 | zkl := GNSCrockfordEncode(zid) |
292 | zid := GNSCrockfordDecode(zkl) | 344 | zid := GNSCrockfordDecode(zkl) |
293 | ]]></artwork> | 345 | ]]></artwork> |
294 | <t> | 346 | <t> |
295 | If zkl is less than 63 characters, it can directly be | 347 | If zkl is less than 63 characters, it can directly be |
296 | used as a zTLD. | 348 | used as a zTLD. |
297 | If zkl is be longer than 63 characters, the | 349 | If zkl is be longer than 63 characters, the |
298 | zTLD is constructed by dividing zkl into smaller labels separated by the | 350 | zTLD is constructed by dividing zkl into smaller labels separated by the |
299 | label separator ".". | 351 | label separator ".". |
300 | Here, the most significant bytes of the "zid" must be contained | 352 | Here, the most significant bytes of the "zid" must be contained |
301 | in the rightmost label of the resulting string and the least significant | 353 | in the rightmost label of the resulting string and the least significant |
302 | bytes in the leftmost label of the resulting string. This allows the | 354 | bytes in the leftmost label of the resulting string. This allows the |
303 | resolver to determine the zone type and zkl length from the rightmost label. | 355 | resolver to determine the zone type and zkl length from the rightmost label. |
304 | For example, assuming a zkl of 130 characters, the encoding would be: | 356 | For example, assuming a zkl of 130 characters, the encoding would be: |
305 | </t> | 357 | </t> |
306 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 358 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
307 | zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | 359 | zTLD := zkl[126:129].zkl[63:125].zkl[0:62] |
308 | ]]></artwork> | 360 | ]]></artwork> |
309 | </section> | 361 | </section> |
310 | <section anchor="zone_types" numbered="true" toc="default"> | ||
311 | <name>Zone Type</name> | ||
312 | <t> | ||
313 | The zone type is identified by a 32-bit number. The zone type number | ||
314 | always corresponds to a resource record type number identifying a | ||
315 | delegation into a zone of this type. | ||
316 | Resource record types are discussed in the Section <xref target="rrecords"/>. | ||
317 | A zone type defines a family of eight functions: | ||
318 | </t> | ||
319 | <dl> | ||
320 | <dt>Private-KeyGen() -> d</dt> | ||
321 | <dd> | ||
322 | is a function to generate a fresh private zone key d. | ||
323 | </dd> | ||
324 | <dt>Public-KeyGen(d) -> zk</dt> | ||
325 | <dd> | ||
326 | is a function to derive a public zone key zk from a private key d. | ||
327 | </dd> | ||
328 | <dt>ZKDF-Private(d,label) -> d'</dt> | ||
329 | <dd> | ||
330 | is a zone key derivation function which blinds a private zone key d | ||
331 | using label, resulting in another private key which | ||
332 | can be used to create cryptographic signatures. | ||
333 | </dd> | ||
334 | <dt>ZKDF-Public(zk,label) -> zk'</dt> | ||
335 | <dd> | ||
336 | is a zone key derivation function which blinds a public zone key zk | ||
337 | using a label. zk and zk' must be unlinkable. Furthermore, | ||
338 | blinding zk with different values for the label must result | ||
339 | in unlinkable different resulting values for zk'. | ||
340 | </dd> | ||
341 | <dt>S-Encrypt(zk,label,nonce,expiration,rdata) -> bdata</dt> | ||
342 | <dd> | ||
343 | is a deterministic symmetric encryption function which encrypts the record | ||
344 | data rdata based on key material derived from the public zone key, | ||
345 | a label, a nonce and an expiration. | ||
346 | In order to leverage performance-enhancing caching features of certain | ||
347 | underlying storages, in particular DHTs, a deterministic encryption | ||
348 | scheme is recommended. | ||
349 | </dd> | ||
350 | <dt>S-Decrypt(zk,label,nonce,expiration,bdata) -> rdata</dt> | ||
351 | <dd> | ||
352 | is a symmetric encryption function which decrypts the encrypted record | ||
353 | data bdata based on key material derived from the public zone key, | ||
354 | a label, a nonce an expiration. | ||
355 | </dd> | ||
356 | <dt>Sign(d',bdata) -> sig</dt> | ||
357 | <dd> | ||
358 | is a function to sign bdata using the (blinded) private key | ||
359 | d', yielding an unforgable cryptographic signature. | ||
360 | </dd> | ||
361 | <dt>Verify(zk',bdata,sig) -> valid</dt> | ||
362 | <dd> | ||
363 | is a function to verify the signature sig was created by | ||
364 | the a private key d' derived from d and a label if | ||
365 | zk' was derived from the corresponding zone key | ||
366 | zk := Public-Keygen(d) and same label. | ||
367 | The function returns a boolean value of "TRUE" if the signature is valid, | ||
368 | and otherwise "FALSE". | ||
369 | </dd> | ||
370 | </dl> | ||
371 | </section> | ||
372 | </section> | 362 | </section> |
373 | <section anchor="rrecords" numbered="true" toc="default"> | 363 | <section anchor="rrecords" numbered="true" toc="default"> |
374 | <name>Resource Records</name> | 364 | <name>Resource Records</name> |
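Review bot: this hunk deletes the "zone_types" anchor (310), so every <xref target="zone_types"/> in the document must be retargeted to "ztype" or the draft will no longer build; the retargets later in this diff cover 976, 1219 and 1508, but please check the remaining text for any other occurrence. Unrelated but in the retained context: "If zkl is be longer than 63 characters" (297) has a stray "be", and the two conditions "less than 63" and "longer than 63" leave a zkl of exactly 63 characters unspecified; since 63 octets is the maximum DNS label length, "at most 63" together with "longer than 63" would close the gap.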
@@ -973,8 +963,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
973 | Nickname records can be used by zone administrators to publish an | 963 | Nickname records can be used by zone administrators to publish an |
974 | the label that a zone prefers to have used when it is referred to. | 964 | the label that a zone prefers to have used when it is referred to. |
975 | This is a suggestion to other zones what label to use when creating a | 965 | This is a suggestion to other zones what label to use when creating a |
976 | delegation record (<xref target="zone_types" />) containing this zone's | 966 | delegation record (<xref target="gnsrecords_delegation" />) containing |
977 | public zone key. | 967 | this zone's public zone key. |
978 | This record SHOULD only be stored under the empty label "@" but MAY be | 968 | This record SHOULD only be stored under the empty label "@" but MAY be |
979 | returned with record sets under any label as a supplemental record. | 969 | returned with record sets under any label as a supplemental record. |
980 | <xref target="nick_processing"/> details how a resolver must process | 970 | <xref target="nick_processing"/> details how a resolver must process |
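Review bot: the retarget to gnsrecords_delegation is fine, but while this paragraph is being edited, "publish an the label" (973-974) should read "publish the label".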
@@ -1056,12 +1046,13 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1056 | <section anchor="gnsrecords_vpn" numbered="true" toc="default"> | 1046 | <section anchor="gnsrecords_vpn" numbered="true" toc="default"> |
1057 | <name>GTS</name> | 1047 | <name>GTS</name> |
1058 | <t> | 1048 | <t> |
1059 | The GNUnet Tunnel Record <xref target="GNUnet"/> can | 1049 | The GNUnet Tunnel Service record is used by |
1060 | establish a tunnel between two peers in the peer-to-peer network. | 1050 | applications to establish a tunnel between two peers in the |
1051 | peer-to-peer network (see <xref target="GNUnet"/>). | ||
1061 | In order to facilitate the use of such tunnels, the | 1052 | In order to facilitate the use of such tunnels, the |
1062 | GTS record allows resolvers to automatically initiate its establishment | 1053 | The GTS record serves as an example to how resolvers may automatically |
1063 | and provide IP address information in the resolution process as | 1054 | initiate tunnel establishment and provide IP address information in the |
1064 | specified in <xref target="resolution"/>. | 1055 | resolution process as specified in <xref target="resolution"/>. |
1065 | </t> | 1056 | </t> |
1066 | <t> | 1057 | <t> |
1067 | A GTS DATA entry wire format is illustrated in | 1058 | A GTS DATA entry wire format is illustrated in |
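Review bot: lines 1052-1053 no longer form a sentence: "In order to facilitate the use of such tunnels, the" is followed by "The GTS record serves as an example to how resolvers ...", leaving a dangling "the" and a doubled article. Either drop the trailing "the" at 1052 or merge the two sentences, and "an example to how" should be "an example of how". Also confirm that demoting the GTS record to "an example" is intended, given that the vpn_processing section still says the resolver SHOULD open a tunnel when a GTS record is present.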
@@ -1093,7 +1084,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1093 | </dd> | 1084 | </dd> |
1094 | <dt>PROTO</dt> | 1085 | <dt>PROTO</dt> |
1095 | <dd> | 1086 | <dd> |
1096 | the 16-bit protocol number, e.g. 6 for TCP. In network byte order. | 1087 | the 16-bit tunnel protocol number. In network byte order. |
1088 | The possible values are defined by the GNUnet Tunnel Service. | ||
1097 | </dd> | 1089 | </dd> |
1098 | <dt>SERVICE NAME</dt> | 1090 | <dt>SERVICE NAME</dt> |
1099 | <dd> | 1091 | <dd> |
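Review bot: replacing "e.g. 6 for TCP" with "defined by the GNUnet Tunnel Service" removes the only concrete guidance on PROTO values without pointing at where they are defined; add an xref to the GNUnet reference at 1088 (or to a registry, if one exists for these values) so an implementer can find the value space, and state whether the values are IANA protocol numbers or a GNUnet-specific namespace.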
@@ -1216,7 +1208,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1216 | the PUBLIC KEY field. | 1208 | the PUBLIC KEY field. |
1217 | The signature is created using the Sign() function of | 1209 | The signature is created using the Sign() function of |
1218 | the cryptosystem of the zone and the derived private key | 1210 | the cryptosystem of the zone and the derived private key |
1219 | "ZKDF-Private(d, label)" (see <xref target="zone_types" />). | 1211 | "ZKDF-Private(d, label)" (see <xref target="ztype" />). |
1220 | </dd> | 1212 | </dd> |
1221 | <dt>SIZE</dt> | 1213 | <dt>SIZE</dt> |
1222 | <dd> | 1214 | <dd> |
@@ -1505,7 +1497,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1505 | which is revoked and corresponds to the key used in the PoW. | 1497 | which is revoked and corresponds to the key used in the PoW. |
1506 | The signature is created using the Sign() function of | 1498 | The signature is created using the Sign() function of |
1507 | the cryptosystem of the zone and the private zone key | 1499 | the cryptosystem of the zone and the private zone key |
1508 | (see <xref target="zone_types" />). | 1500 | (see <xref target="ztype" />). |
1509 | </dd> | 1501 | </dd> |
1510 | </dl> | 1502 | </dl> |
1511 | <t> | 1503 | <t> |
@@ -1585,7 +1577,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1585 | provided by the client. | 1577 | provided by the client. |
1586 | The GNS resolver will use the desired record type to guide | 1578 | The GNS resolver will use the desired record type to guide |
1587 | processing, for example by providing conversion of GTS records to A | 1579 | processing, for example by providing conversion of GTS records to A |
1588 | or AAAA records, if that is desired. | 1580 | or AAAA records. |
1589 | 1581 | ||
1590 | However, filtering of record sets according to the required record | 1582 | However, filtering of record sets according to the required record |
1591 | types MUST still be done by the client after the resource record set | 1583 | types MUST still be done by the client after the resource record set |
@@ -1863,12 +1855,11 @@ example.com = zk2 | |||
1863 | <section anchor="vpn_processing" numbered="true" toc="default"> | 1855 | <section anchor="vpn_processing" numbered="true" toc="default"> |
1864 | <name>GTS</name> | 1856 | <name>GTS</name> |
1865 | <t> | 1857 | <t> |
1866 | At the end of the recursion, | 1858 | At the end of the recursion, |
1867 | if the queried record type is either A or AAAA and the retrieved | 1859 | if the queried record type is either A or AAAA and the retrieved |
1868 | record set contains at least one GTS record, the resolver SHOULD | 1860 | record set contains at least one GTS record, the resolver SHOULD |
1869 | open a tunnel and return the IPv4 or IPv6 tunnel address, | 1861 | open a tunnel and return the IPv4 or IPv6 tunnel address, |
1870 | respectively. | 1862 | respectively. |
1871 | The type of tunnel depends on the contents of the GTS record data. | ||
1872 | If the implementation does not have the capacity to establish | 1863 | If the implementation does not have the capacity to establish |
1873 | a GTS tunnel, for example because it is not connected to the GNUnet | 1864 | a GTS tunnel, for example because it is not connected to the GNUnet |
1874 | network, the record set MUST be returned as retrieved from the network. | 1865 | network, the record set MUST be returned as retrieved from the network. |
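Review bot: deleting "The type of tunnel depends on the contents of the GTS record data." (1871) leaves this section without a statement of what selects the tunnel type; if the PROTO field of the GTS record is what determines it, as the PROTO edit elsewhere in this diff suggests, a sentence saying so with an xref to the record format would keep the processing rule self-contained.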
@@ -2148,7 +2139,7 @@ Number | Name | Contact | References | Description | |||
2148 | 65536 | PKEY | N/A | [This.I-D] | GNS zone delegation (PKEY) | 2139 | 65536 | PKEY | N/A | [This.I-D] | GNS zone delegation (PKEY) |
2149 | 65537 | NICK | N/A | [This.I-D] | GNS zone nickname | 2140 | 65537 | NICK | N/A | [This.I-D] | GNS zone nickname |
2150 | 65538 | LEHO | N/A | [This.I-D] | GNS legacy hostname | 2141 | 65538 | LEHO | N/A | [This.I-D] | GNS legacy hostname |
2151 | 65539 | GTS | N/A | [This.I-D] | GTS resolution | 2142 | 65539 | GTS | N/A | [This.I-D] | GTS tunnel metadata |
2152 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS | 2143 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS |
2153 | 65556 | EDKEY | N/A | [This.I-D] | GNS zone delegation (EDKEY) | 2144 | 65556 | EDKEY | N/A | [This.I-D] | GNS zone delegation (EDKEY) |
2154 | 2145 | ||