| Internet-Draft | The GNU Title System | January 2022 |
| Schanzenbach, et al. | Expires 4 August 2022 | [Page] |
Abstract
This doc incorporates the GNU Title System (GNS) technical
specification.
GNS is a decentralized and censorship-resistant title
map that affords a privateness-enhancing alternative to the Domain
Title System (DNS).¶
This doc defines the normative wire layout of handy resource files,
likelihood processes, cryptographic routines and safety
concerns to be utilized by implementers.
It is a long way published here to repeat readers about the feature
of GNS, files future GNS implementations, and make sure
interoperability among implementations together with with the
pre-present GNUnet implementation.¶
Featured Content Ads
add advertising here
This specification was developed initiate air the IETF and does no longer contain
IETF consensus. It is a long way published here to files implementation of GNS
and to make sure interoperability among implementations.¶
Predicament of This Memo
This Internet-Draft is submitted in beefy conformance with the
provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Project
Pressure (IETF). Show conceal that other groups can also merely moreover distribute working
documents as Internet-Drafts. The listing of most as a lot as date Internet-Drafts is
at https://datatracker.ietf.org/drafts/most as a lot as date/.¶
Internet-Drafts are draft documents obedient for a maximum of six months
and might perhaps perchance perhaps presumably be updated, modified, or obsoleted by other documents at any
time. It is a long way tainted to spend Internet-Drafts as reference
self-discipline matter or to cite them rather than as “work in development.”¶
Featured Content Ads
add advertising hereThis Internet-Draft will expire on 4 August 2022.¶
Copyright Peep
Copyright (c) 2022 IETF Trust and the persons identified because the
doc authors. All rights reserved.¶
This doc is self-discipline to BCP 78 and the IETF Trust’s Correct
Provisions Relating to to IETF Paperwork
(https://trustee.ietf.org/license-files) in compose on the date of
newsletter of this doc. Please review these documents
carefully, as they report your rights and restrictions with
appreciate to this doc. Code Formula extracted from this
doc have to comprise Simplified BSD License text as described in
Fragment 4.e of the Trust Correct Provisions and are equipped without
guarantee as described within the Simplified BSD License.¶
1. Introduction
The Domain Title System (DNS) [RFC1035] is a certain
disbursed database and a first-rate service for most Internet purposes.
Whereas DNS is disbursed, in be aware it
relies on centralized, relied on registrars to give globally queer
names. As the consciousness of the central feature DNS performs on the Internet
rises, diversified institutions are the utilization of their strength (together with correct map)
to snatch in assaults on the DNS, thus threatening the worldwide availability
and integrity of files on the Internet.¶
Featured Content Ads
add advertising here
DNS was no longer designed with safety as a goal. This makes it very
inclined, specifically to attackers that contain the technical capabilities
of a total nation teach at their disposal.
Whereas a worthy wider dialogue of this case is out of scope for this doc,
analyses and investigations might perhaps perchance perhaps moreover be chanced on in most as a lot as date tutorial analysis
works together with [SecureNS].¶
This specification describes a censorship-resistant, privateness-conserving
and decentralized title map: The GNU Title System (GNS) [GNS].
It is a long way designed to give a receive, privateness-enhancing alternative to
DNS, specifically when censorship or manipulation is encountered.
Namely, it without delay addresses concerns in DNS with appreciate to “Interrogate
Privacy”, the “Single Hierarchy with a Centrally Controlled Root” and
“Distribution and Management of Root Servers” as raised in
[RFC8324].
GNS can bind names to any roughly
cryptographically secured token, enabling it to double in some respects as
at the same time as another to a pair of on the present time’s Public Key Infrastructures, in
particular X.509 for the Internet.¶
The fabricate of GNS incorporates the prospective to combine and
coexist with DNS.
GNS is in step with the precept of a petname
map and builds on tips from the Straightforward Distributed Security
Infrastructure [SDSI], addressing a central situation with the decentralized
mapping of receive identifiers to memorable names: namely the impossibility
of providing a global, receive and memorable mapping with out a relied on
authority. GNS uses the transitivity within the SDSI fabricate to interchange the
relied on root with receive delegation of authority thus making petnames
well-known to other users whereas working below a if truth be told sturdy adversary model.¶
Right here is a needed distinguishing element from the Domain Title System
the set root zone governance is centralized on the Internet Corporation
for Assigned Names and Numbers (ICANN).
In DNS terminology, GNS roughly follows the muse of a hyperlocal root
zone deployment, with the adaptation that it is no longer
expected that every deployments spend the same local root zone.¶
This doc defines the normative wire layout of handy resource files, likelihood processes,
cryptographic routines and safety concerns to be utilized by implementers.¶
This specification was developed initiate air the IETF and does no longer contain
The major words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
IETF consensus. It is a long way published here to files implementation of GNS
and to make sure interoperability among implementations.¶
1.1. Requirements Notation
“SHOULD”, “SHOULD NOT”, “RECOMMENDED“, “NOT RECOMMENDED”, “MAY”, and
“OPTIONAL” on this doc are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and exclusively
when, they seem in all capitals, as shown here.¶
2. Terminology
- Mark
-
A GNS brand is a brand as outlined in [RFC8499].
Within this doc, labels are continually assumed to be strings of
UTF-8 characters [RFC8499] with a maximum dimension of
63 bytes. When hashed, labels MUST be canonicalized the utilization of
Normalization Impact C (NFC) [Unicode-UAX15].¶ - Title
-
A title in GNS is a net page title as outlined in [RFC8499]
as an ordered listing of labels.
The labels in a title are separated the utilization of the persona “.” (dot).
Names, admire labels, are encoded in UTF-8.¶ - High-Diploma Domain
-
The rightmost brand in a GNS title is a GNS High-Diploma Domain (TLD).
Not like DNS High-Diploma Domains (outlined in [RFC8499]),
GNS does no longer query all users to spend the same global root zone. As another,
rather than Zone High-Diploma Domains (peep beneath),
GNS TLDs are in most cases phase of the configuration of the local resolver
(peep Fragment 7.1), and can merely thus no longer be globally queer.¶ - Zone
-
A GNS zone incorporates authoritative files (handy resource files).
A zone is uniquely identified by its zone key. Not like DNS zones,
a GNS zone does no longer deserve to contain a SOA chronicle at its apex.¶ - Zone Style
-
The form of a GNS zone determines the cipher map and binary encoding
layout of the zone key, blinded zone keys, and signatures.¶ - Zone Key
-
The zone key uniquely identifies a zone.
The zone key might perhaps perchance perhaps presumably be a public key of an asymmetric key pair.¶ - Blinded Zone Key
-
A blinded zone secret’s derived from the zone key and a brand.
The zone key and the blinded zone key are unlinkable without lustrous the brand.¶ - Zone Owner
-
The proprietor of a GNS zone is the holder of the secret (in most cases a non-public key)
that (together with a brand and a brand to signal) enables the creation of zone
signatures that can moreover be validated in opposition to the respective blinded zone key.¶ - Zone High-Diploma Domain
-
A GNS Zone High-Diploma Domain (zTLD) is a GNS brand worn because the
rightmost brand in a GNS title which encodes a zone form and
zone key of a zone.
Due to the the statistical specialty of zone keys, zTLDs are moreover globally queer.
A zTLD brand can exclusively be notorious from frequent TLD labels
by making an attempt to decode the brand to a zone form and zone key.¶ - Handy resource Narrative
-
A GNS handy resource chronicle is the certain guess linked to a brand in a
GNS zone.
A GNS handy resource chronicle incorporates files as outlined by its
handy resource chronicle form.¶
3. Overview
In GNS, any user can also merely beget and situation up one or more cryptographically
secured zones (Fragment 4).
Zones are uniquely identified by a zone key.
Zone contents are signed the utilization of blinded non-public keys and
encrypted the utilization of derived secret keys.
The zone form determines the respective situation of cryptographic operations
and the wire codecs for encrypted files, public keys and signatures.¶
A zone might perhaps perchance perhaps moreover be populated with mappings from labels to handy resource files by
its proprietor (Fragment 5).
A brand might perhaps perchance perhaps moreover be mapped to a delegation chronicle which ends within the
corresponding subdomain being delegated to another zone. Spherical
delegations are explicitly allowed, together with delegating a subdomain
to its fast dad or mum zone. In
uncover to present a have to (legacy) purposes as effectively as to facilitate the spend
of petnames, GNS defines auxiliary chronicle kinds as effectively as to
supporting used DNS files.¶
Zone contents are encrypted and signed
sooner than being published in a disbursed key-price storage
(Fragment 6).
In this direction of, queer zone identification is hidden from the community
by map of the spend of key blinding.
Key blinding enables the creation of signatures for zone contents
the utilization of a blinded public/non-public key pair.
This blinding is realized the utilization of a deterministic key
derivation from
the distinctive zone key and corresponding non-public key the utilization of chronicle brand values
as blinding elements.
Namely, the zone proprietor can earn blinded non-public keys for every chronicle
situation published below a brand, and a
resolver can earn the corresponding blinded public keys.
It is a long way anticipated that GNS implementations spend disbursed or decentralized
storages equivalent to disbursed hash tables (DHT) in uncover to facilitate
availability within a community without the necessity for dedicated infrastructure.
Specification of the sort of disbursed or decentralized storage is out of
scope of this doc, but seemingly present implementations comprise those
in step with [RFC7363], [Kademlia] or
[R5N].¶
Names in GNS are domains as outlined in [RFC8499].
Beginning from a configurable root zone, names are resolved by following zone
delegations. For every brand in a title, the recursive GNS resolver
fetches the respective chronicle from the storage layer (Fragment 7).
With out files of the brand values and the zone keys, the
diversified derived keys are unlinkable both to the distinctive zone key and to every
other.
This prevents zone enumeration (rather than by map of impractical online brute
force assaults) and requires files
of both the zone key and the brand to verify affiliation of a
set a query to or the corresponding encrypted chronicle situation with a
issue zone. At the same time, the blinded zone key provides
resolvers
with the skill to verify the integrity of the published files
without disclosing the originating zone.¶
In the the relaxation of this doc, the “implementer” refers back to the developer constructing
a GNS implementation together with, as an instance, zone management instruments and
title likelihood substances.
An “utility” refers to a element which uses a GNS implementation
to resolve files from the community and (most frequently) processes its contents.¶
4. Zones
A zone in GNS is uniquely identified by its zone form and zone key.
It might perhaps perchance perhaps presumably moreover be represented by a Zone High-Diploma Domain (zTLD) string.¶
Every zone form (ztype) is assigned a certain 32-bit number when it is registered
within the GNUnet Assigned Numbers Authority [GANA].
The ztype determines which cryptosystem is worn for the
asymmetric and symmetric key operations of the zone.
The ztype number continually corresponds to a handy resource chronicle form
number figuring out a delegation into a zone of this form. To
make sure there are no conflicts with DNS chronicle kinds, ztypes
are continually assigned numeric values above 65535.¶
For any zone, let d be the non-public key and zk the final public zone key.
The precise wire layout worn relies on the ztype.
The creation of zone keys for the default ztypes are laid out in
Fragment 5.1.
Fresh ztypes might perhaps perchance perhaps presumably be laid out within the long urge, as an instance if the
cryptographic mechanisms worn on this doc are broken.
Any ztype MUST clarify the following situation of cryptographic capabilities:¶
- KeyGen() -> d, zk
-
is a feature to generate a new non-public key d and
the corresponding public zone key zk.¶ - ZKDF-Deepest(d,brand) -> d’
-
is a zone key derivation feature which blinds a non-public key d
the utilization of brand, leading to another non-public key which
might perhaps perchance perhaps moreover be worn to beget cryptographic signatures. We exhibit that
GNS exclusively requires a signature to be created without delay with
d to signal a revocation message for the zone key zk.¶ - ZKDF-Public(zk,brand) -> zk’
-
is a zone key derivation feature which blinds a zone key zk
the utilization of a brand. zk and zk’ must be unlinkable. Moreover,
blinding zk with diversified values for the brand have to end result
in unlinkable zk’ values.¶ - S-Encrypt(zk,brand,nonce,expiration,message) -> ciphertext
-
is a symmetric encryption feature which encrypts the chronicle
files in step with key self-discipline matter derived from the zone key,
a brand, a nonce and an expiration.
In uncover to leverage performance-enhancing caching choices of certain
underlying storages, specifically DHTs, a deterministic encryption
map is generally recommended.¶ - S-Decrypt(zk,brand,nonce,expiration,ciphertext) -> message
-
is a symmetric decryption feature which decrypts the encrypted chronicle
files in step with key self-discipline matter derived from the zone key,
a brand, a nonce and an expiration.¶ - Signal(d,message) -> signature, Signal(d’,message) -> signature
-
is a feature to signal a message (in most cases encrypted chronicle files) the utilization of the (blinded) non-public
key d (d’), yielding an unforgable cryptographic signature.¶ - Examine(zk,message,signature) -> boolean, Examine(zk’,message,signature) -> boolean
-
is a feature to verify the signature was created by
the non-public key d (or derived key d’) same to
the zone key zk (or derived zone key zk’)
the set d,zk := Keygen(). If deriviations contain been worn, they
have to contain worn the same brand.
The feature returns a boolean price of “TRUE” if the signature is obedient,
and in another case “FALSE”.¶
4.1. Zone High-Diploma Domain
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | ZONE TYPE | ZONE KEY / +-----+-----+-----+-----+ / / / / /
The decoded binary representation of the zTLD¶
The zTLD is the Zone High-Diploma Domain.
It is a long way a string which encodes the zone form and zone key into a net page title.
The zTLD is worn as a globally queer reference to a particular
namespace at some stage in of title likelihood.
To encode the zone key, a zone key brand zkl is derived from a
concatenation of the zone form and zone key (peep Figure 1)
the utilization of the Crockford Snide32 encoding [CrockfordB32].
In uncover to extra delay tolerance for failures in persona
recognition, the letter “U” MUST be decoded to the same Snide32 price because the
letter “V”.
The encoding and decoding symbols for Crockford Snide32 together with this transformation are outlined in
Figure 2.
The capabilities for encoding and decoding in step with this table are known as
GNSCrockfordEncode and GNSCrockfordDecode, respectively.¶
Symbol Decode Encode Designate Symbol Symbol 0 0 O o 0 1 1 I i L l 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 8 9 9 9 10 A a A 11 B b B 12 C c C 13 D d D 14 E e E 15 F f F 16 G g G 17 H h H 18 J j J 19 Okay ok Okay 20 M m M 21 N n N 22 P p P 23 Q q Q 24 R r R 25 S s S 26 T t T 27 V v V U 28 W w W 29 X x X 30 Y y Y 31 Z z Z
The Snide32-Crockford Alphabet Including the Extra U Encode Symbol.¶
For the string representation of a zTLD we clarify:¶
zkl := GNSCrockfordEncode(ztype|zkey) ztype|zkey := GNSCrockfordDecode(zkl)
¶
If zkl is no longer as a lot as 63 characters, it’ll without delay be
worn as a zTLD.
If zkl is longer than 63 characters, the
zTLD is constructed by dividing zkl into smaller labels separated by the
brand separator “.”.
Right here, the main bytes of the “ztype|zkey” concatenation must be contained
within the rightmost brand of the resulting string and the least major
bytes within the leftmost brand of the resulting string. This permits the
resolver to search out out the zone form and zkl dimension from the rightmost brand.
For instance, assuming a zkl of 130 characters, the encoding would be:¶
zTLD := zkl[126..129].zkl[63..125].zkl[0..62]
¶
4.2. Zone Revocation
On every occasion a resolver encounters a original GNS zone, it MUST
test in opposition to the local revocation listing whether the respective
zone key has been revoked. If the zone key was revoked, the
likelihood MUST fail with an empty end result situation.¶
In uncover to revoke a zone key, a signed revocation object MUST be
published.
This object MUST be signed the utilization of the non-public key.
The revocation object is broadcast to the community.
The specification of the published mechanism is out of scope of this
doc.
A seemingly broadcast mechanism for efficient flooding in a disbursed
community is utilized in [GNUnet].
Alternatively, revocation objects might perhaps perchance perhaps presumably moreover be disbursed by map of a
disbursed ledger or a relied on central server.
To discontinue
flooding assaults, the revocation message MUST have a proof of labor
(PoW).
The revocation message together with the PoW MAY be calculated
sooner than time to present a have to effectively timed revocation.¶
For all occurrences beneath, “Argon2id” is the Password-primarily based mostly Key
Derivation Feature as outlined in [RFC9106]. For the
PoW calculations the algorithm is instantiated with the
following parameters:¶
- S
- The salt. Fixed 16-byte string: “GnsRevocationPow”.¶
- t
- Decision of iterations: 3¶
- m
- Memory dimension in KiB: 1024¶
- T
- Output dimension of hash in bytes: 64¶
- p
- Parallelization parameter: 1¶
- v
- Algorithm version: 0x13¶
- y
- Algorithm form (Argon2id): 2¶
- X
- Unused¶
- Okay
- Unused¶
Figure 3 illustrates the wire layout
of the message string “P” on which the PoW is calculated.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | POW | +-----------------------------------------------+ | TIMESTAMP | +-----------------------------------------------+ | ZONE TYPE | ZONE KEY | +-----+-----+-----+-----+ | / / / / +-----+-----+-----+-----+-----+-----+-----+-----+
The Wire Format of the PoW Message String.¶
- POW
- A 64-bit resolution to the PoW. In community byte uncover.¶
- TIMESTAMP
-
denotes the absolute 64-bit date when the revocation was computed.
In microseconds since hour of darkness (0 hour), January 1, 1970 in community
byte uncover.¶ - ZONE TYPE
- is the 32-bit zone form.¶
- ZONE KEY
-
is the 256-bit public key zk of the zone which is being revoked.
The wire layout of this price is printed by the ZONE TYPE.¶
Historically, PoW schemes require to search out a POW such that
no longer no longer as a lot as D leading zeroes are chanced on within the hash end result.
D is then referred to because the situation of the PoW.
In uncover to minimize the variance in time it takes to calculate the
PoW, we require that a number Z diversified PoWs must be
chanced on that on life like contain D leading zeroes.¶
The resulting proofs can also merely then published and disseminated. The concrete
dissemination and newsletter recommendations are out of scope of this
doc. Given a mean situation of D, the proofs contain an
expiration time of EPOCH. With every extra bit situation, the
lifetime of the proof is prolonged for another EPOCH.
In consequence, by calculating a more complex PoW, the lifetime of the
proof might perhaps perchance perhaps moreover be elevated on query by the zone proprietor.¶
The parameters are outlined as follows:¶
- Z
- The preference of PoWs required is mounted at 32.¶
- D
- The placement is mounted at 22.¶
- EPOCH
- A single epoch is mounted at 365 days.¶
The revocation message wire layout is illustrated in
Figure 4.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | TIMESTAMP | +-----+-----+-----+-----+-----+-----+-----+-----+ | TTL | +-----+-----+-----+-----+-----+-----+-----+-----+ | POW_0 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ... | +-----+-----+-----+-----+-----+-----+-----+-----+ | POW_Z-1 | +-----------------------------------------------+ | ZONE TYPE | ZONE KEY | +-----+-----+-----+-----+ | / / / / +-----+-----+-----+-----+-----+-----+-----+-----+ | SIGNATURE | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+
The Revocation Message Wire Format.¶
- TIMESTAMP
-
denotes the absolute 64-bit date when the revocation was computed.
In microseconds since hour of darkness (0 hour), January 1, 1970 in community
byte uncover. Right here is a linked price because the timestamp worn within the
particular individual PoW calculations.¶ - TTL
-
denotes the relative 64-bit time to live of the chronicle in
microseconds moreover in community byte uncover. This field is informational
for a verifier. The verifier can also merely discard revocation if the TTL
means that it is already expired. On the choice hand, the actual TTL of the
revocation must make sure by analyzing the leading zeros within the
proof of labor calculation.¶ - POW_i
-
The values calculated as phase of the PoW, in community byte uncover.
Every POW_i MUST be queer within the situation of POW values.
To facilitate lickety-split verification
of specialty, the POW values must be given in strictly
monotonically rising uncover within the message.¶ - ZONE TYPE
- The 32-bit zone form same to the zone key.¶
- ZONE KEY
-
is the final public key zk of the zone which is being revoked and
the major to be worn to verify SIGNATURE.¶ - SIGNATURE
-
A signature over a timestamp and the zone zk of the zone
which is revoked and corresponds to the major worn within the PoW.
The signature is created the utilization of the Signal() feature of
the cryptosystem of the zone and the non-public key
(peep Fragment 4).¶
The signature over the final public key covers a 32-bit pseudo header
conceptually prefixed to the final public key. The pseudo header contains
the major dimension and signature cause. The wire layout is illustrated
in Figure 5.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | SIZE (0x30) | PURPOSE (0x03) | +-----+-----+-----+-----+-----+-----+-----+-----+ | TIMESTAMP | +-----+-----+-----+-----+-----+-----+-----+-----+ | ZONE TYPE | ZONE KEY | +-----+-----+-----+-----+ | / / / / +-----+-----+-----+-----+-----+-----+-----+-----+
The Wire Format of the Revocation Knowledge for Signing.¶
- SIZE
-
A 32-bit price containing the scale of the signed files in bytes
in community byte uncover.¶ - PURPOSE
-
A 32-bit signature cause flag. This field MUST be 3 (in community
byte uncover).¶ - ZONE TYPE
- The 32-bit zone form same to the zone key.¶
- ZONE KEY / TIMESTAMP
- Each values as outlined within the revocation files object above.¶
In uncover to verify a revocation the following steps must be taken,
in uncover:¶
- The signature MUST match the final public key.¶
- The placement of POW values MUST NOT have duplicates.¶
- The frequent preference of leading zeroes as a end result of the equipped
POW values D’ MUST be elevated than and no longer equal to D.¶ - The validation duration (TTL) of the revocation is calculated as
(D’-D) EPOCH 1.1. The EPOCH is extended by
10% in uncover to address unsynchronized clocks.
The TTL added on high of the TIMESTAMP yields the
expiration date.¶ - Essentially the most as a lot as date time MUST be between TIMESTAMP and
TIMESTAMP+TTL.¶
5. Handy resource Facts
A GNS implementer MUST present a mechanism to beget and situation up handy resource
files for local zones. An enviornment zone is established by selecting a
zone form and making a zone key pair.
As files might perhaps perchance perhaps presumably be added to every created zone, a (local) persistence
mechanism equivalent to a database for handy resource files and zones must be equipped.
This local zone database is worn by the title likelihood common sense and serves
as a basis for publishing zones into the GNS storage (peep Fragment 6).¶
A GNS handy resource chronicle holds the records of a particular chronicle in a zone.
The handy resource chronicle layout is printed in
Figure 6.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | EXPIRATION | +-----+-----+-----+-----+-----+-----+-----+-----+ | DATA SIZE | TYPE | +-----+-----+-----+-----+-----+-----+-----+-----+ | FLAGS | DATA / +-----+-----+-----+-----+ / / / / /
The Handy resource Narrative Wire Format.¶
- EXPIRATION
-
denotes the absolute 64-bit expiration date of the chronicle.
In microseconds since hour of darkness (0 hour), January 1, 1970 in community
byte uncover.¶ - DATA SIZE
-
denotes the 32-bit dimension of the DATA field in bytes and in community byte
uncover.¶ - TYPE
-
is the 32-bit handy resource chronicle form. This form might perhaps perchance perhaps moreover be one in every of the GNS handy resource
files as outlined in Fragment 5 or a DNS chronicle
form as outlined in [RFC1035] or any of the
complementary standardized DNS handy resource chronicle kinds. This price must be
saved in community byte uncover. Show conceal that values
beneath 2^16 are reserved for allocation by map of IANA [RFC6895],
whereas values above 2^16 are dispensed by the
GNUnet Assigned Numbers Authority [GANA].¶ - FLAGS
- is a 32-bit handy resource chronicle flags field (peep beneath).¶
- DATA
-
the variable-dimension handy resource chronicle files payload. The contents are outlined
by the
respective form of the handy resource chronicle.¶
Flags expose metadata surrounding the handy resource chronicle. A flag
price of 0 means that every flags are unset.
Applications creating handy resource files MUST situation all bits which might perhaps perhaps presumably be
no longer outlined as a flag to 0. Extra flags might perhaps perchance perhaps presumably be outlined in
future protocol variations.
If an utility or implementation encounters a flag which it does no longer
peep, it MUST be uncared for.
Figure 7
illustrates the flag distribution within the 32-bit flag price of a
handy resource chronicle:¶
0 1 2 3 4 5... +--------+--------+--------+--------+--------+---- |RESERVED|PRIVATE |SUPPL |EXPREL | SHADOW | ... +--------+--------+--------+--------+--------+----
The Handy resource Narrative Flag Wire Format.¶
- SHADOW
-
If this flag is situation, this chronicle must be uncared for by resolvers unless all (other)
files of the same chronicle form contain expired. Used to allow zone publishers to
facilitate factual performance when files replace by allowing them to set future
values of files into the storage.
This methodology, future values can propagate and might perhaps perchance perhaps presumably be
cached sooner than the transition becomes active.¶ - EXPREL
-
The expiration time price of the chronicle is a relative time (mild in microseconds)
and no longer an absolute time. This flag should always mild by no map be encountered by a resolver
for files obtained from the storage, but might perhaps perchance perhaps presumably be present when a resolver looks to be up
non-public files of a zone hosted regionally.¶ - SUPPL
-
Right here is a supplemental chronicle. It is a long way equipped as effectively as to the
other files. This flag means that this chronicle is no longer explicitly
managed alongside the choice files below the respective title but
might perhaps perchance perhaps presumably be well-known for the utility. This flag should always mild exclusively be encountered
by a resolver for files obtained from the storage.¶ - PRIVATE
-
Right here is a non-public chronicle of this admire and it will mild thus no longer be
published. Thus, this flag should always mild by no map be encountered by
a resolver for files obtained from the storage.
Deepest files should always mild mild be regarded as accurate admire
recent files when resolving labels in local zones.¶
5.1. Zone Delegation Facts
This fragment defines the preliminary situation of zone delegation chronicle kinds.
Any implementation MUST give a have to all zone kinds outlined here and
MAY give a have to any preference of extra delegation files outlined in
the GNU Title System Narrative Kinds registry Fragment 10.
Zone delegation files MUST NOT be saved and published below the
empty brand.¶
5.1.1. PKEY
In GNS, a delegation of a brand to a zone of form “PKEY” is
represented by map of a PKEY chronicle. The PKEY number is a zone
form and thus moreover implies the cryptosystem for the zone that
is being delegated to.
A PKEY handy resource chronicle incorporates the final public key of the zone to
delegate to.
A PKEY chronicle MUST be the exclusively chronicle below a brand. No other
files are allowed. The PKEY DATA entry wire layout might perhaps perchance perhaps moreover be chanced on
in Figure 8.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | PUBLIC KEY | | | | | | | +-----+-----+-----+-----+-----+-----+-----+-----+
The PKEY Wire Format.¶
- PUBLIC KEY
- A 256-bit ECDSA zone key.¶
For PKEY zones the zone key self-discipline matter is derived the utilization of the
curve parameters of the zigzag edwards representation
of Curve25519 [RFC7748] (a.ok.a. edwards25519)
with the ECDSA map [RFC6979].
In consequence, we spend the following naming convention for our
cryptographic primitives for PKEY zones:¶
- d
- is a 256-bit ECDSA non-public key.¶
- zk
- is the ECDSA public zone key same to d.¶
- p
-
is the prime of edwards25519 as outlined in [RFC7748], i.e.
2^255 – 19.¶ - G
-
is the community generator (X(P),Y(P)) of edwards25519 as outlined in
[RFC7748].¶ - L
- is the uncover of the prime-uncover subgroup of edwards25519 in [RFC7748].¶
- KeyGen()
- The technology of the non-public
scalar d and the curve point zk := d*G (the set G is the community generator
of the elliptic curve) as outlined in Fragment 2.2. of
[RFC6979] represents the KeyGen() feature.¶
The zone form and zone key of a PKEY are 32 + 4 bytes in dimension. This implies that
a zTLD will continually match into a single brand and does
no longer need any extra conversion.¶
Given a brand, the output d’ of the ZKDF-Deepest(d,brand) feature for zone
key blinding is calculated as follows for PKEY zones:¶
zk := d G
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Make bigger (PRK_h, brand | "gns", 512 / 8)
d' := (h d) mod L
¶
Equally, given a brand, the output zk’ of the ZKDF-Public(zk,brand) feature is
calculated as follows for PKEY zones:¶
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Make bigger (PRK_h, brand | "gns", 512 / 8)
zk' := (h mod L) zk
¶
The PKEY cryptosystem uses a hash-primarily based mostly key derivation feature (HKDF) as outlined in
[RFC5869], the utilization of SHA-512 [RFC6234] for the extraction
phase and SHA-256 [RFC6234] for the expansion phase.
PRK_h is key self-discipline matter retrieved the utilization of an HKDF the utilization of the string
“key-derivation” as salt and the zone key as preliminary
keying self-discipline matter.
h is the 512-bit HKDF expansion end result and must be interpreted in
community byte uncover. The expansion files enter is
a concatenation of the brand and the string “gns”.
The brand is a UTF-8 string below which the handy resource files are
published.
The multiplication of zk with h is a point multiplication,
whereas the multiplication of d with h is a scalar multiplication.¶
The Signal() and Examine() capabilities
for PKEY zones are utilized the utilization of 512-bit ECDSA deterministic
signatures as laid out in [RFC6979].¶
The S-Encrypt() and S-Decrypt() capabilities spend AES in counter mode
as outlined in [MODES] (CTR-AES-256):¶
CIPHERTEXT := CTR-AES256(Okay, IV, DATA) DATA := CTR-AES256(Okay, IV, CIPHERTEXT)
¶
The major Okay and counter IV are derived from
the chronicle brand and the zone key zk as follows:¶
PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
Okay := HKDF-Make bigger (PRK_k, brand, 256 / 8);
NONCE := HKDF-Make bigger (PRK_n, brand, 32 / 8)
¶
HKDF is a hash-primarily based mostly key derivation feature as outlined in
[RFC5869]. Namely, SHA-512 [RFC6234] is worn for the
extraction phase and SHA-256 [RFC6234] for the expansion phase.
The output keying self-discipline matter is 32 bytes (256 bits) for the symmetric
key and 4 bytes (32 bits) for the nonce.
The symmetric key Okay is a 256-bit AES [RFC3826] key.¶
The nonce is mixed with a 64-bit initialization vector and a
32-bit block counter as outlined in [RFC3686].
The block counter begins with the associated fee of 1, and it is incremented
to generate subsequent portions of the major hotfoot.
The block counter is a 32-bit integer price in community byte uncover.
The initialization vector is the expiration time of the
handy resource chronicle block in community byte uncover.
The resulting counter (IV) wire layout might perhaps perchance perhaps moreover be chanced on in
Figure 9.¶
0 8 16 24 32 +-----+-----+-----+-----+ | NONCE | +-----+-----+-----+-----+ | EXPIRATION | | | +-----+-----+-----+-----+ | BLOCK COUNTER | +-----+-----+-----+-----+
The Block Counter Wire Format.¶
5.1.2. EDKEY
In GNS, a delegation of a brand to a zone of form “EDKEY” is
represented by map of a EDKEY chronicle. The EDKEY number is a zone
form and thus moreover implies the cryptosystem for the zone that
is being delegated to.
An EDKEY handy resource chronicle incorporates the final public key of the zone to
delegate to.
A EDKEY chronicle MUST be the exclusively chronicle below a brand. No other
files are allowed. The EDKEY DATA entry wire layout
is illustrated in Figure 10.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | PUBLIC KEY | | | | | | | +-----+-----+-----+-----+-----+-----+-----+-----+
The EDKEY DATA Wire Format.¶
- PUBLIC KEY
- A 256-bit EdDSA zone key.¶
For EDKEY zones the zone key self-discipline matter is derived the utilization of the
curve parameters of the zigzag edwards representation
of Curve25519 [RFC7748] (a.ok.a. edwards25519)
with the Ed25519-SHA-512 map [ed25519].
In consequence, we spend the following naming convention for our
cryptographic primitives for EDKEY zones:¶
- d
- is a 256-bit EdDSA non-public key.¶
- a
-
is is an integer derived from d the utilization of the SHA-512 hash feature
as outlined in [ed25519].¶ - zk
-
is the EdDSA public key same to d. It is a long way printed
because the curve point a*G the set G is the
community generator of the elliptic curve
as outlined in [ed25519].¶ - p
-
is the prime of edwards25519 as outlined in [RFC7748], i.e.
2^255 – 19.¶ - G
-
is the community generator (X(P),Y(P)) of edwards25519 as outlined in
[RFC7748].¶ - L
- is the uncover of the prime-uncover subgroup of edwards25519 in [RFC7748].¶
- KeyGen()
-
The technology of the non-public key d and the associated public
key zk := a*G the set G is the
community generator of the elliptic curve and a is an integer
derived from d the utilization of the SHA-512 hash feature
as outlined
in Fragment 3.2. of [RFC8032] represents the KeyGen()
feature.¶
The zone form and zone key of an EDKEY are 32 + 4 bytes in dimension. This implies that
a zTLD will continually match into a single brand and does
no longer need any extra conversion.¶
The “EDKEY” ZKDF instantiation is in step with [Tor224].
Given a brand, the output of the ZKDF-Deepest feature for zone
key blinding is calculated as follows for EDKEY zones:¶
zk := a G
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Make bigger (PRK_h, brand | "gns", 512 / 8)
h[31] &= 7
a1 := a / 8 /8 is the cofactor of Curve25519 */
a2 := (h a1) mod L
a' = a2 8 /8 is the cofactor of Curve25519 */
¶
Equally, given a brand, the output of the ZKDF-Public feature is
calculated as follows for PKEY zones:¶
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Make bigger (PRK_h, brand | "gns", 512 / 8)
h[31] &= 7 // Implies h mod L == h
zk' := h zk
¶
We exhibit that implementers have to spend a constant time scalar
multiplication for the constructions above. Additionally, implementers
deserve to make sure the non-public key a is an ed25519 non-public key
and specifically that “a[0] & 7 == 0” holds.¶
The EDKEY cryptosystem uses a
hash-primarily based mostly key derivation feature (HKDF) as outlined in
[RFC5869], the utilization of SHA-512 [RFC6234] for the extraction
phase and HMAC-SHA256 [RFC6234] for the expansion phase.
PRK_h is key self-discipline matter retrieved the utilization of an HKDF the utilization of the string
“key-derivation” as salt and the zone key as preliminary
keying self-discipline matter.
The blinding element h is the 512-bit HKDF expansion end result.
The expansion files enter is
a concatenation of the brand and the string “gns”.
The outcomes of the HKDF must be clamped and interpreted in community
byte uncover.
a is the 256-bit integer same to the 256-bit non-public
key d.
The brand is a UTF-8 string below which the handy resource files are
published.
The multiplication of zk with h is a point multiplication,
whereas the division and multiplication of a and a1 with the
co-element are integer operations.¶
Signatures for EDKEY zones the utilization of the derived non-public key a’
are no longer compliant with [ed25519].
As the corresponding non-public key to the derived non-public scalar a’
is no longer known, it is no longer seemingly to deterministically earn the
signature phase R in step with [ed25519].
As another, signatures MUST be generated as follows for any given
message M:
A nonce is calculated from the ideal 32 bytes of the
expansion of the non-public key d and the blinding element h.
The nonce is then hashed with the message M to r.
This methodology, we comprise the beefy derivation course within the calculation
of the R price of the signature, guaranteeing that it is by no map reused
for two diversified derivation paths or messages.¶
dh := SHA-512 (d) nonce := SHA-256 (dh[32..63] | h) r := SHA-512 (nonce | M) R := r G S := r + SHA-512(R | zk' | M) a' mod L
¶
A signature (R,S) is obedient if the following holds:¶
S G == R + SHA-512(R, zk', M) zk'
¶
The S-Encrypt() and S-Decrypt() capabilities spend XSalsa20
as outlined in [XSalsa20]
(XSalsa20-Poly1305):¶
CIPHERTEXT := XSalsa20-Poly1305(Okay, IV, DATA) DATA := XSalsa20-Poly1305(Okay, IV, CIPHERTEXT)
¶
The outcomes of the XSalsa20-Poly1305 encryption feature is the encrypted
ciphertext concatenated with the 128-bit authentication
brand.
Accordingly, the scale of encrypted files equals the scale of the
files plus the 16 bytes of the authentication brand.¶
The major Okay and counter IV are derived from
the chronicle brand and the zone key zk as follows:¶
PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
Okay := HKDF-Make bigger (PRK_k, brand, 256 / 8);
NONCE := HKDF-Make bigger (PRK_n, brand, 32 / 8)
¶
HKDF is a hash-primarily based mostly key derivation feature as outlined in
[RFC5869]. Namely, SHA-512 [RFC6234] is worn for the
extraction phase and SHA-256 [RFC6234] for the expansion phase.
The output keying self-discipline matter is 32 bytes (256 bits) for the symmetric
key and 16 bytes (128 bits) for the NONCE.
The symmetric key Okay is a 256-bit XSalsa20
[XSalsa20] key.
No extra authenticated files (AAD) is worn.¶
The nonce is mixed with an 8 byte initialization vector.
The initialization vector is the expiration time of the
handy resource chronicle block in community byte uncover.
The resulting counter (IV) wire layout is illustrated in
Figure 11.¶
0 8 16 24 32 +-----+-----+-----+-----+ | NONCE | | | | | | | +-----+-----+-----+-----+ | EXPIRATION | | | +-----+-----+-----+-----+
The Counter Block Initialization Vector¶
5.1.3. GNS2DNS
It is a long way seemingly to delegate a brand motivate into DNS by map of a GNS2DNS chronicle.
The handy resource chronicle incorporates a DNS title for the resolver to continue with
in DNS followed by a DNS server. Each names are within the layout outlined in
[RFC1034] for DNS names.
A GNS2DNS DATA entry is illustrated in Figure 12.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | DNS NAME | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+ | DNS SERVER NAME | / / / / | | +-----------------------------------------------+
The GNS2DNS DATA Wire Format¶
- DNS NAME
-
The title to continue with in DNS. The associated fee is UTF-8 encoded and
0-terminated.¶ - DNS SERVER NAME
-
The DNS server to spend. Will be an IPv4 address in dotted-decimal
beget or an IPv6 address in colon-hexadecimal beget or a DNS title.
It might perhaps perchance perhaps presumably also merely moreover be a relative GNS title ending with a
“+” high-stage enviornment.
The implementation MUST test the string syntactically for a
an IP address within the respective notation sooner than checking for a
relative GNS title.
If all three checks fail, the title MUST be treated as a DNS title.
The associated fee is UTF-8 encoded and 0-terminated.¶
5.2. Auxiliary Facts
This fragment defines the preliminary situation of auxiliary GNS chronicle kinds. Any
implementation MUST be in a situation to direction of the desired chronicle kinds
in step with Fragment 7.3.¶
5.2.1. LEHO
Applications can spend the GNS to look up IPv4 or IPv6 addresses of
web companies and products.
On the choice hand, in most cases connecting to such companies and products does no longer exclusively require
the certain guess of an address and port, but moreover requires the canonical
DNS title of the service to be transmitted over the transport protocol.
In GNS, legacy host title files present purposes the DNS title that
is required to set a connection to the sort of service.
Essentially the most stylish spend case is HTTP virtual hosting, the set a DNS title have to
be equipped within the HTTP “Host”-header.
The spend of a GNS title for the “Host”-header can also merely no longer work as
it’ll also merely no longer be globally queer.
A LEHO handy resource chronicle is anticipated to be chanced on together in a single
handy resource chronicle with an IPv4 or IPv6 address.
A LEHO DATA entry is illustrated in Figure 13.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | LEGACY HOSTNAME | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+
The LEHO DATA Wire Format.¶
- LEGACY HOSTNAME
- A UTF-8 string (which is no longer 0-terminated) representing the legacy hostname.¶
NOTE: If an utility uses a LEHO price in an HTTP set a query to header
(e.g. “Host:” header) it must be converted to a punycode representation
[RFC5891].¶
5.2.2. NICK
Nickname files might perhaps perchance perhaps moreover be worn by zone administrators to publish an
the brand that a zone prefers to contain worn when it is referred to.
Right here is an provide to other zones what brand to spend when making a
delegation chronicle (Fragment 5.1) containing
this zone key.
This chronicle SHOULD exclusively be saved below the empty brand “@” but MAY be
returned with chronicle sets below any brand as a supplemental chronicle.
Fragment 7.3.6 info how a resolver have to direction of
supplemental and non-supplemental NICK files.
A NICK DATA entry is illustrated in Figure 14.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | NICKNAME | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+
The NICK DATA Wire Format.¶
- NICKNAME
-
A UTF-8 string (which is no longer 0-terminated) representing the most effectively liked
brand of the zone. This string MUST NOT comprise a “.” persona.¶
5.2.3. BOX
In GNS, with the dear exception of zTLDs, every “.” in a title
delegates to another zone, and
GNS lookups are expected to return all of the major well-known
files in a single chronicle situation. Right here is incompatible with the
particular labels worn by DNS for SRV and TLSA files. Thus, GNS
defines the BOX chronicle layout to field up SRV and TLSA files and
comprise them within the chronicle situation of the brand they’re associated
with. For instance, a
TLSA chronicle for “_https._tcp.example.org” will probably be saved within the chronicle situation of
“example.org” as a BOX chronicle with service (SVC) 443 (https) and protocol (PROTO) 6
(tcp) and chronicle TYPE “TLSA”.
For reference, peep moreover [RFC2782].
A BOX DATA entry is illustrated in Figure 15.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | PROTO | SVC | TYPE | +-----------+-----------------------------------+ | RECORD DATA | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+
The BOX DATA Wire Format.¶
- PROTO
- the 16-bit protocol number, e.g. 6 for tcp. In community byte uncover.¶
- SVC
-
the 16-bit service price of the boxed chronicle, i.e. the port number.
In community byte uncover.¶ - TYPE
- is the 32-bit chronicle form of the boxed chronicle. In community byte uncover.¶
- RECORD DATA
-
is a variable dimension field containing the “DATA” layout of TYPE as
outlined for the respective TYPE in DNS.¶
5.2.4. GTS
The GNUnet Tunnel Service chronicle is worn by
purposes to set a tunnel between two peers within the
admire-to-admire community (peep [GNUnet]).
The GTS chronicle serves as an instance of how resolvers can also merely automatically
provoke tunnel establishment and present IP address files within the
likelihood direction of as laid out in Fragment 7.¶
A GTS DATA entry wire layout is illustrated in
Figure 16.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | HOSTING PEER PUBLIC KEY | | (256 bits) | | | | | +-----------+-----------------------------------+ | PROTO | SERVICE NAME | +-----------+ + / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+
The GTS DATA Wire Format.¶
- HOSTING PEER PUBLIC KEY
-
is a 256-bit EdDSA public key figuring out the admire hosting the
service.¶ - PROTO
-
the 16-bit tunnel protocol number. In community byte uncover.
The seemingly values are outlined by the GNUnet Tunnel Service.¶ - SERVICE NAME
-
a shared secret worn to identify the service on the hosting admire,
worn to earn the port number required to glue to the service.
The service title MUST be a 0-terminated UTF-8 string.¶
6. Narrative Storage
Any API which enables storing a brand below a key and retrieving
a brand from the major might perhaps perchance perhaps moreover be worn by an implementation for chronicle storage.
We engage that an implementation realizes two procedures on high of a
storage:¶
PUT(key,price) GET(key) -> price
¶
There’s no longer any issue delete feature because the deletion of a non-expired
chronicle would require a revocation of the chronicle.
In GNS, zones can exclusively be revoked as a entire. Facts automatically
expire and it is below the discretion of the storage as to when to delete
the chronicle. The GNS implementation MUST NOT publish expired handy resource
files. Any GNS resolver MUST discard expired files returned from
the storage.¶
Handy resource files are grouped by their respective labels,
encrypted and published together in a single handy resource files block
(RRBLOCK) within the storage below a key q: PUT(q, RRBLOCK).
The major q is derived from the zone key and the respective
brand of the contained files.
The needed files of both zone key and brand together
with the equally derived symmetric secret keys and blinded zone keys
make sure set a query to privateness (peep [RFC8324], Fragment 3.5).
The storage key derivation and files
block creation is laid out within the following sections.
A consumer implementation MUST enable the user the situation up zones.
The implementation MUST spend the PUT storage direction of in uncover to update
the zone contents accordingly.¶
6.1. The Storage Key
Given a brand, the storage key q is derived as follows:¶
q := SHA-512 (HDKD-Public(zk, brand))
¶
- brand
- is a UTF-8 string below which the handy resource files are published.¶
- zk
- is the zone key.¶
- q
-
Is the 512-bit storage key below which the handy resource files block is
published.
It is a long way the SHA-512 hash [RFC6234] over the derived zone key.¶
6.2. The Facts Block (RRBLOCK)
GNS files are grouped by their labels and published as a single
block within the storage. The grouped chronicle sets MAY be paired with any
preference of supplemental files. Supplemental files have to contain the
supplemental flag situation (Be taught about Fragment 5).
The contained handy resource files are encrypted the utilization of a symmetric
encryption map.
A GNS implementation have to publish RRBLOCKs
in accordance to the properties and options of the underlying
storage. This can even merely comprise a periodic refresh newsletter.
The GNS RRBLOCK wire layout is illustrated in
Figure 17.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | ZONE TYPE | ZONE KEY | +-----+-----+-----+-----+ (BLINDED) | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+ | SIGNATURE | / / / / | | +-----+-----+-----+-----+-----+-----+-----+-----+ | SIZE | PURPOSE | +-----+-----+-----+-----+-----+-----+-----+-----+ | EXPIRATION | +-----+-----+-----+-----+-----+-----+-----+-----+ | BDATA / / / / | +-----+-----+-----+-----+-----+-----+-----+-----+
The RRBLOCK Wire Format.¶
- ZONE TYPE
- is the 32-bit zone form.¶
- ZONE KEY
-
is the blinded zone key “ZKDF-Public(zk, brand)”
to be worn to verify SIGNATURE.¶ - SIGNATURE
-
The signature is computed over the records following
this field.
The signature is created the utilization of the Signal() feature of
the cryptosystem of the zone and the derived non-public key
“ZKDF-Deepest(d, brand)” (peep Fragment 4).¶ - SIZE
-
A 32-bit price containing the scale of the signed files following the
PUBLIC KEY field in community byte uncover. This price continually contains the
dimension of the fields SIZE (4), PURPOSE (4) and EXPIRATION (8) in
addition to the scale of the BDATA. Whereas a 32-bit price is worn,
implementations MAY refuse to publish blocks beyond a certain
dimension very a lot beneath 4 GB. On the choice hand, a minimal block dimension of
62 kilobytes MUST be supported.¶ - PURPOSE
-
A 32-bit signature cause flag. For a RRBLOCK the associated fee of this
field MUST be 15. The associated fee is encoded in community byte uncover.
The associated fee of this field corresponds to an entry within the
GANA “GNUnet Signature Goal” registry.¶ - EXPIRATION
-
Specifies when the RRBLOCK expires and the encrypted block
SHOULD be eliminated from the storage and caches as it is probably worn.
On the choice hand, purposes MAY continue to spend non-expired particular individual
files unless they expire. The associated fee MUST be situation to the
expiration time of the handy resource chronicle contained within this block with the
smallest expiration time.
If a files block contains shadow files, then the maximum
expiration time of all shadow files with matching form and the
expiration instances of the non-shadow files is thought of as.
Right here is a 64-bit absolute date in microseconds since hour of darkness
(0 hour), January 1, 1970 in community byte uncover.¶ - BDATA
- The encrypted RDATA with a total dimension of SIZE – 16.¶
A symmetric encryption map is worn to encrypt the handy resource files
situation RDATA into the BDATA field of a GNS RRBLOCK.
The wire layout of the RDATA is illustrated in
Figure 18.¶
0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | RR COUNT | EXPIRA- / +-----+-----+-----+-----+-----+-----+-----+-----+ / -TION | DATA SIZE | +-----+-----+-----+-----+-----+-----+-----+-----+ | TYPE | FLAGS | +-----+-----+-----+-----+-----+-----+-----+-----+ | DATA / / / / | +-----+-----+-----+-----+-----+-----+-----+-----+ | EXPIRATION | +-----+-----+-----+-----+-----+-----+-----+-----+ | DATA SIZE | TYPE | +-----+-----+-----+-----+-----+-----+-----+-----+ | FLAGS | DATA / +-----+-----+-----+-----+ / / +-----------------------/ / | / +-----------------------+ / / PADDING / / /
The RDATA Wire Format.¶
- RR COUNT
-
A 32-bit price containing the preference of variable-dimension handy resource
files which might perhaps perhaps presumably be
following after this field in community byte uncover.¶ - EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA
-
These fields contain been outlined
within the handy resource chronicle layout in Fragment 5.
There MUST be a total of RR COUNT of these handy resource files
present.¶ - PADDING
-
When publishing an RDATA block, the implementation MUST make sure
the scale of the RDATA WITHOUT the RR COUNT field is a strength of two
the utilization of the padding field. The field MUST be situation to zero and MUST be
uncared for on receipt.
As a certain exception, chronicle sets with (exclusively) a zone delegation
chronicle form are by no map padded.
Show conceal that a chronicle situation with a delegation chronicle MUST NOT
have other files. If other files are encountered, your entire
chronicle block MUST be discarded.¶
7. Title Resolution
Names in GNS are resolved by recursively querying the chronicle storage.
Recursive on this context map that a resolver does no longer present
iterative outcomes for a collection a query to.
As another, it MUST respond to a likelihood set a query to with both the
requested handy resource chronicle or an error message in case the likelihood
fails.
In the following, we clarify how likelihood is initiated and every
iteration within the likelihood is processed.¶
GNS likelihood of a title have to start in a given starting zone indicated the utilization of
a zone key.
Particulars on how the starting zone might perhaps perchance perhaps presumably make sure are talked about in
Fragment 7.1.¶
When GNS title likelihood is requested, a desired chronicle form MAY be
equipped by the consumer.
The GNS resolver will spend the desired chronicle form to files
processing, as an instance by providing conversion of GTS files to A
or AAAA files.
On the choice hand, filtering of chronicle sets in step with the major chronicle
kinds MUST mild be performed by the consumer after the handy resource chronicle situation
is retrieved.¶
7.1. Root Zone
The likelihood of a GNS title have to start in a given start zone
indicated to the resolver the utilization of any zone key.
The local resolver can also merely contain a local start zone configured/laborious-coded
which points to a local or faraway start zone key.
A resolver consumer can also merely moreover resolve the start zone from the
suffix of the title given for likelihood or the utilization of files
retrieved out of band.
The governance model of any zone is on the only real discretion
of the zone proprietor.
On the choice hand, the preference of start zone(s) is on the only real
discretion of the local map administrator or user.
This property addresses the situation of a single hierarchy with a
centrally managed root and the linked situation of distribution and
management of root servers in DNS (peep [RFC8324], Fragment 3.10 and 3.12).¶
In the following, we give examples how a local consumer resolver SHOULD
look the start zone. The map given is no longer exhaustive and
clients MAY supplement it with other mechanisms or ignore it if the
particular utility requires a diversified direction of.¶
GNS clients MUST first are attempting to define the high-stage enviornment of
a GNS title as a zone key representation (i.e. a zTLD).
If the high-stage enviornment is indicated to be a brand representation of
a zone key with a supported zone form price, the muse zone of
the likelihood direction of is implicitly given by the suffix of the title:¶
Instance title: www.example.=> Root zone: zk of form ztype => Title to resolve from root zone: www.example
¶
In GNS, users MAY beget and situation up their beget zones.
Every local zone SHOULD be linked to a single GNS brand,
but users MAY grab to spend longer names consisting of
so a lot of labels.
If the title of a regionally managed zone fits the suffix
of the title to be resolved, likelihood MUST start from the respective local zone:¶
Instance title: www.example.org Native zones: fr = (d0,zk0) org = (d1,zk1) com = (d2,zk2) ... => Root zone: zk1 => Title to resolve from root zone: www.example
¶
At closing, extra “suffix-to-zone” mappings MAY be configured.
Suffix to zone key mappings MUST be configurable by map of a local
configuration file or database by the user or map administrator.
The suffix MAY comprise so a lot of GNS labels concatenated with a
“.”. If so a lot of suffixes match the title to resolve, the longest
matching suffix MUST be worn. The suffix dimension of two outcomes
MUST NOT be equal. This skill a misconfiguration and the
implementation MUST return an error.
If both a regionally managed zone and a configuration entry exist
for the same suffix, the regionally managed zone MUST contain precedence.¶
Instance title: www.example.org Native suffix mappings: org = zk0 example.org = zk1 example.com = zk2 ... => Root zone: zk1 => Title to resolve from root zone: www
¶
7.2. Recursion
In every step of the recursive title likelihood, there might perhaps be an
authoritative zone zk and a title to resolve. The title might perhaps perchance perhaps presumably be empty.
Before all the things, the authoritative zone is the start zone. If the title
is empty, it is interpreted because the apex brand “@”.¶
From here, the following steps are recursively performed, in uncover:¶
- Extract the ideal-most brand from the title to search up.¶
- Calculate q the utilization of the brand and zk as outlined in
Fragment 6.1.¶ - Impact a storage set a query to GET(q) to retrieve the RRBLOCK.¶
- Examine and direction of the RRBLOCK and decrypt the BDATA contained
in it as outlined by its zone form (peep moreover Fragment 6.2).¶
Upon receiving the RRBLOCK from the storage, rather than verifying the
equipped signature, the resolver MUST test that the authoritative
zone key was worn to signal the chronicle:
The derived zone key zk’ MUST match the final public key equipped in
the RRBLOCK, in another case the RRBLOCK MUST be uncared for and the storage
look up GET(q) MUST continue.¶
7.3. Narrative Processing
Narrative processing occurs on the high of a single recursion. We engage
that the RRBLOCK has been cryptographically verified and decrypted.
At this point, we have to first resolve if we contain obtained a gracious
chronicle situation within the context of the title we’re making an attempt to resolve:¶
-
Case 1:
If the the relaxation of the title to resolve is empty and the chronicle situation
does no longer comprise a delegation, CNAME or DNS2GNS chronicle,
the chronicle situation is the end result and the recursion is concluded.¶ -
Case 2:
If the title to be resolved is of the layout
“_SERVICE._PROTO” and the chronicle situation incorporates one or more matching BOX
files, the guidelines within the BOX files are the end result and the recursion
is concluded (Fragment 7.3.4).¶ -
Case 3:
If the the relaxation of the title to resolve is no longer empty and
does no longer match the “_SERVICE._PROTO” syntax, then the most as a lot as date chronicle situation
MUST comprise a single delegation chronicle (Fragment 7.3.1),
a single CNAME chronicle (Fragment 7.3.3),
or one or more GNS2DNS files (Fragment 7.3.2),
which might perhaps perhaps presumably be processed as described within the respective sections beneath.
The chronicle situation can also merely comprise any preference of supplemental files.
In another case, likelihood fails
and the resolver MUST return an empty chronicle situation.At closing, after the recursion terminates, the consumer preferences
for the chronicle form MUST be regarded as and seemingly conversions equivalent to
outlined in Fragment 7.3.5 MUST be performed.¶
7.3.1. Zone Delegation Facts
When the resolver encounters a chronicle of a supported
zone delegation chronicle form (equivalent to PKEY or EDKEY)
and the the relaxation of
the title is no longer empty, likelihood continues
recursively with the the relaxation of the title within the
GNS zone laid out within the delegation chronicle.
Implementations MUST NOT allow so a lot of diversified zone form
delegations below a single brand.
Implementations MAY give a have to any subset of zone kinds. If
an unsupported zone form is encountered, likelihood fails and an
error MUST be returned. The guidelines that the zone form is
unknown SHOULD be returned within the error description. The
implementation MAY grab no longer to return the motive for the failure,
merely impacting troubleshooting files for the user.
Implementations MUST NOT direction of zone delegation for the empty
apex brand “@”. Upon encountering a zone delegation chronicle below
this brand, likelihood fails and an error MUST be returned. The
implementation MAY grab no longer to return the motive for the failure,
merely impacting troubleshooting files for the user.¶
If the the relaxation of the title to resolve is empty and we contain
obtained a chronicle situation containing exclusively a single delegation chronicle, the
recursion is persevered with the chronicle price as authoritative zone
and the empty apex brand “@” as closing title, rather than within the case
the set the desired chronicle form is equal to the zone form, correct by map of which
case the delegation chronicle is returned and the likelihood is concluded without
resolving the empty apex brand.¶
7.3.2. GNS2DNS
When a resolver encounters one or more GNS2DNS files and the closing title
is empty and the desired chronicle form is GNS2DNS, the GNS2DNS
files are returned.¶
In another case, it is expected that the resolver first resolves the
IP addresses of the desired DNS title servers. GNS2DNS files MAY
have numeric IPv4 or IPv6 addresses, allowing the resolver to
skip this step.
The DNS server names can also merely themselves be names in GNS or DNS.
If the DNS server title ends in “.+”, the the relaxation of the title is to be
interpreted relative to the zone of the GNS2DNS chronicle.
If the DNS server title ends in a brand representation of a
zone key, the DNS server title is to be resolved in opposition to
the GNS zone zk.¶
A pair of GNS2DNS files might perhaps perchance perhaps presumably be saved below the same brand,
correct by map of which case the resolver MUST are attempting all of them.
The resolver MAY are attempting them in any uncover and even in parallel.
If so a lot of GNS2DNS files are present, the DNS title MUST be
same for all of them, if no longer the likelihood fails and an
empty chronicle situation is returned because the chronicle situation is invalid.¶
Once the IP addresses of the DNS servers contain been certain,
the DNS title from the GNS2DNS chronicle is appended
to the the relaxation of the title to be resolved, and
resolved by querying the DNS title server(s). As the DNS servers
specified are presumably authoritative DNS servers, the GNS resolver MUST
give a have to recursive DNS likelihood and MUST NOT delegate this to the
authoritative DNS servers.
The first vital recursive title likelihood end result
is returned to the consumer.
As effectively as, the resolver returns the queried DNS title as a
supplemental LEHO chronicle (Fragment 5.2.1) with a
relative expiration time of one hour.¶
Once the transition from GNS into DNS is made by map of a
GNS2DNS chronicle, there might perhaps be no longer any “going motivate”.
The (presumably recursive) likelihood of the DNS title MUST NOT
delegate motivate into GNS and should always mild exclusively practice the DNS specs.
For instance, names contained in CNAME files MUST NOT be
interpreted as GNS names.¶
GNS resolvers MUST provide a configuration
likelihood to disable DNS processing to lead certain of files leakage
and present a consistent safety profile for all title resolutions.
Such resolvers would return an empty chronicle situation upon encountering
a GNS2DNS chronicle at some stage within the recursion. On the choice hand, if GNS2DNS files
are encountered within the chronicle situation for the apex and a GNS2DNS chronicle
is explicitly requested by the utility, such files MUST
mild be returned, even when DNS give a have to is disabled by the
GNS resolver configuration.¶
7.3.3. CNAME
If a CNAME chronicle is encountered, the canonical title is
appended to the closing title, rather than if the closing title
is empty and the desired chronicle form is CNAME, correct by map of which case
the likelihood concludes with the CNAME chronicle.
If the canonical title ends in “.+”,
likelihood continues in GNS with the original title within the
most as a lot as date zone. In another case, the resulting title is resolved by map of the
default working map title likelihood direction of.
This can even merely in flip but again situation off a GNS likelihood direction of relying
on the map configuration.¶
The recursive DNS likelihood direction of can also merely yield a CNAME as effectively
which in flip can also merely both point into the DNS or GNS namespace
(if it ends in a brand representation of a zone key).
In uncover to discontinue heaps of loops, the resolver MUST
implement loop detections or limit the preference of recursive
likelihood steps.
If the closing CNAME was a DNS title, the resolver returns the DNS title
as a supplemental LEHO chronicle (Fragment 5.2.1)
with a relative expiration time of one hour.¶
7.3.4. BOX
When a BOX chronicle is obtained, a GNS resolver have to unbox it if the
title to be resolved continues with “_SERVICE._PROTO”.
In another case, the BOX chronicle is to be left untouched. This methodology, TLSA
(and SRV) files attain no longer require a separate community set a query to, and
TLSA files change into inseparable from the corresponding address
files.¶
7.3.5. GTS
At the high of the recursion,
if the queried chronicle form is both A or AAAA and the retrieved
chronicle situation incorporates no longer no longer as a lot as one GTS chronicle, the resolver SHOULD
initiate a tunnel and return the IPv4 or IPv6 tunnel address,
respectively.
If the implementation does no longer contain the ability to set
a GTS tunnel, as an instance as a end result of it is no longer connected to the GNUnet
community, the chronicle situation MUST be returned as retrieved from the community.¶
7.3.6. NICK
NICK files are exclusively relevant to the recursive resolver
if the chronicle situation in set a query to is the closing end result which is to
be returned to the consumer. The encountered NICK files can also merely both
be supplemental (peep Fragment 5) or
non-supplemental.
If the NICK chronicle is supplemental, the resolver exclusively returns the
chronicle situation if one in every of the non-supplemental files fits the
queried chronicle form.
It is a long way seemingly that one chronicle situation incorporates both supplemental
and non-supplemental NICK files.¶
The differentiation between a supplemental and non-supplemental
NICK chronicle enables the consumer to compare the chronicle to the
authoritative zone. Take exhibit of the following example:¶
Interrogate: alice.example (form=A) Consequence: A: 192.0.2.1 NICK: eve
¶
In this case, the returned NICK chronicle is non-supplemental.
For the consumer, this means that the NICK belongs to the zone
“alice.example” and is published below the empty brand alongside with an A
chronicle. The NICK chronicle must be interpreted as: The zone outlined by
“alice.example” desires to be known as “eve”.
In distinction, pick into myth the following:¶
Interrogate: alice.example (form=AAAA) Consequence: AAAA: 2001:DB8::1 NICK: john (Supplemental)
¶
In this case, the NICK chronicle is marked as supplemental. This implies that
the NICK chronicle belongs to the zone “example” and is published below the
brand “alice” alongside with an A chronicle. The NICK chronicle must be
interpreted as: The zone outlined by “example” desires to be known as
“john”. This distinction is probably well-known for other files published as
supplemental.¶
9. Security and Privacy Considerations
9.1. Cryptography
The security of cryptographic methods relies on both the strength of
the cryptographic algorithms chosen and the strength of the keys worn
with those algorithms. The security moreover relies on the engineering
of the protocol worn by the map to make sure there are no
non-cryptographic ways to circumvent the safety of the overall map.
Right here is why developers of purposes managing GNS zones SHOULD
prefer out a default zone form regarded as receive on the time of
releasing the machine.
For purposes focusing on end users which might perhaps perhaps presumably be no longer expected to
realize cryptography, the utility developer MUST NOT leave
the zone form preference of most as a lot as date zones to end users.¶
This doc concerns itself with the preference of cryptographic
algorithms to be used in GNS.
The algorithms identified on this doc are no longer known to be
broken (within the cryptographic sense) on the most as a lot as date time, and
cryptographic analysis to this point leads us to imagine that they’re
at possibility of remain receive into the foreseeable future. On the choice hand, this
is rarely primarily without slay, and it is expected that original revisions of
this doc will probably be issued on occasion to replicate the most as a lot as date
most attention-grabbing practices on this case.¶
GNS PKEY zone keys spend ECDSA over Curve25519.
Right here is an unconventional alternative,
as ECDSA is most frequently worn with other curves. On the choice hand, used
ECDSA curves are problematic for a range of causes described in
the Curve25519 and EdDSA papers. The spend of EdDSA without delay is moreover
no longer seemingly, as a hash feature is worn on the non-public key which
destroys the linearity that the GNU Title System depends upon.
We don’t appear to be attentive to anybody suggesting that the utilization of Curve25519 as a alternative
of another frequent curve of same dimension would decrease the safety of
ECDSA. GNS uses 256-bit curves as a end result of that methodology the encoded (public)
keys match into a single DNS brand, which is factual for usability.¶
By methodology of crypto-agility, every time the necessity for an updated cryptographic
map arises to, as an instance, change ECDSA over Curve25519 for
PKEY files it’ll also merely merely be presented
by map of a original chronicle form. This type of original chronicle form can also merely then change
the delegation chronicle form for future files.
The veteran chronicle form remains
and zones can iteratively migrate to the updated zone keys.¶
In uncover to make sure ciphertext indistinguishability, care must be
focused on appreciate to the initialization vector within the counter
block. In our fabricate, the IV is continually the expiration time of the
chronicle block.
For blocks with relative expiration instances it is implicitly
ensured that every time a block is published into the storage, its IV is
queer because the expiration time is calculated dynamically and increases
monotonically.
The implementation MUST make sure when relative expiration instances
are decreased that the expiration time of the next chronicle block is
continually after the closing published block.
For blocks with absolute expiration instances, the implementation
MUST make sure the expiration time is elevated when the chronicle
files adjustments. For instance, the expiration time might perhaps perchance perhaps presumably be elevated
by a single microsecond.
In case of deletion of all handy resource files below a brand, the
implementation MUST withhold be aware of the closing absolute expiration time
of the closing published handy resource block.
When original files are added below this brand later, the implementation
MUST make sure the expiration instances are after the closing published
block.
At closing, in uncover to make sure monotonically rising expiration instances
the implementation MUST withhold a local chronicle of the closing time obtained
from the map clock, in uncover to net a monotonic clock in case
the map clock jumps backwards.¶
9.2. Abuse Mitigation
GNS names are UTF-8 strings. In consequence, GNS faces same points
with appreciate to title spoofing as DNS does for internationalized
domains.
In DNS, attackers can also merely register same sounding or having a look
names (peep above) in uncover to attain phishing assaults.
GNS zone administrators have to think this attack vector and
incorporate principles in uncover to mitigate it.¶
Extra, DNS might perhaps perchance perhaps moreover be worn to strive in opposition to illegal speak on the web
by having the respective domains seized by authorities.
On the choice hand, the same mechanisms can moreover be abused in uncover to impose
teach censorship, which is one in every of the motivations within the motivate of GNS.
Due to the this reality, the sort of seizure is, by fabricate, complex to very no longer probably in GNS.¶
9.3. Zone Management
In GNS, zone administrators deserve to manage and protect their zone
keys. Once a zone secret’s lost it is a long way no longer going to be recovered. Once it is
compromised it is a long way no longer going to be revoked (unless a revocation message was
pre-calculated and is mild accessible).
Zone administrators, and for GNS this contains end-users, are
required to responsibly and diligently protect their cryptographic
keys.
GNS helps offline signing of files.
It does no longer give a have to separate zone signing and key-signing keys
(as in [RFC6781]) in uncover to give usable safety.¶
In an identical type, users are required to manage their local root zone.
In uncover to make sure integrity and availability or names, users have to
make sure their local root zone files is no longer compromised or
outdated-fashioned.
It might perhaps perchance perhaps presumably moreover be expected that the processing of zone revocations and an
preliminary root zone is equipped with a GNS consumer implementation
(“drop transport”).
Extension and customization of the zone is on the beefy discretion of
the user.¶
Whereas implementations following this specification will probably be
interoperable, if two implementations join to diversified storages
they’re mutually unreachable.
This can even merely end result in a teach the set a chronicle can also merely exist within the worldwide
namespace for a particular title, but the implementation is no longer
talking with the storage and is as a end result of this reality unable to resolve it.
This distress is same to a destroy up-horizon DNS configuration.
Which storages are utilized most frequently rely upon the utility
it is built for.
The storage worn will perhaps rely upon the actual utility
context the utilization of GNS likelihood.
For instance, one utility might perhaps perchance perhaps presumably be the likelihood of hidden companies and products
within the Tor community.
Implementations of “aggregated” storages are seemingly, but
are expected to be the exception.¶
9.4. Impact of DHTs as Underlying Storage
This doc does no longer specify the properties of the underlying
storage which is required by any GNS implementation.
For implementers the utilization of a DHT as underlying storage, it is a long way needed
to exhibit that the properties of the DHT are without delay inherited by the
GNS implementation. This contains both safety as effectively as
other non-purposeful properties equivalent to scalability and performance.
Implementers should always mild pick monumental care when selecting or enforcing
a DHT to be used in a GNS implementation.
DHTs with sturdy safety and performance ensures exist
[R5N].
It might perhaps perchance perhaps presumably mild moreover be taken into consideration that GNS implementations
which build upon diversified DHT overlays are no longer at possibility of be
interoperable with every other.¶
9.5. Revocations
Zone administrators are instructed to pre-generate zone revocations
and securely store the revocation files in case the zone
secret’s lost, compromised or modified within the long urge.
Pre-calculated revocations can also merely change into invalid as a end result of expirations
or protocol adjustments equivalent to epoch adjustments.
In consequence, implementers and users have to manufacture precautions in uncover
to manage revocations accordingly.¶
Revocation payloads attain NOT comprise a ‘original’ key for key alternative.
Inclusion of the sort of key would contain two major disadvantages:¶
If revocation is worn after a non-public key was compromised,
allowing key alternative would be unhealthy: if an
adversary took over the non-public key, the adversary might perhaps perchance perhaps presumably then
broadcast a revocation with a key alternative. For the choice,
the compromised proprietor would don’t contain any likelihood to situation even a
revocation. Thus, allowing a revocation message to interchange a non-public
key makes coping with key compromise eventualities worse.¶
Most often, key revocations are worn with the fair of altering
cryptosystems. Migration to another cryptosystem by replacing keys
by map of a revocation message would exclusively be receive so long as both
cryptosystems are mild receive in opposition to forgery. This type of deliberate,
non-emergency migration to another cryptosystem must be performed by
running zones for both ciphersystems in parallel for a whereas. The
migration would fabricate by revoking the legacy zone key exclusively as soon as
it is deemed no longer receive, and optimistically after most users contain
migrated to the choice.¶
9.6. Mark Guessing
Narrative blocks are published encrypted the utilization of keys derived from the
zone key and chronicle brand. Zone administrators should always mild
carefully pick into myth if the brand and zone key might perhaps perchance perhaps presumably be public or if
those must be worn and regarded as as a shared secret.
Not like zone keys, labels can moreover be guessed by
an attacker within the community watching queries and responses. Given
a known and centered zone key, the spend of effectively known or without difficulty guessable
labels effectively end result in frequent disclosure of the guidelines to
the final public.
If the labels and as a end result of this reality the guidelines must be saved secret rather than to
those lustrous a secret brand and the zone correct by map of which to search, the
brand must be chosen accordingly. It is a long way urged to then spend a
brand with ample entropy as to discontinue guessing assaults.¶
It must be notorious that this attack on labels exclusively applies if the
zone secret’s somehow disclosed to the adversary. GNS itself
does no longer characterize it at some stage in a look up or when handy resource files are
published because the zone keys are blinded beforehand.¶
10. GANA Considerations
GANA [GANA]
is requested to beget an “GNU Title System Narrative Kinds” registry.
The registry shall chronicle for every entry:¶
- Title: The title of the chronicle form (case-insensitive ASCII
string, restricted to alphanumeric characters. For zone delegation
files, the assigned number represents the ztype price of the zone.¶ - Number: 32-bit, above 65535¶
- Comment: Optionally, a swiftly English text describing the reason for
the chronicle form (in UTF-8)¶ - Contact: Optionally, the contact files of an particular individual to contact for
extra files.¶ - References: Optionally, references describing the chronicle form
(equivalent to an RFC)¶
The registration coverage for this sub-registry is “First Arrive First
Served”. This coverage is modeled on that described in [RFC8126],
but describes the actions taken by GANA.¶
Including files is seemingly after knowledgeable review, the utilization of a
first-come-first-served coverage for queer title allocation.
Consultants are guilty to make sure the chosen “Title” is
appropriate for the chronicle form.
The registry will place a certain number for the entry.¶
Essentially the most as a lot as date contact(s) for knowledgeable review are reachable at
gns-registry@gnunet.org.¶
Any set a query to MUST have a certain title and a point of contact.
The contact files MAY be added to the registry given the consent
of the requester.
The set a query to MAY optionally moreover have relevant references as effectively
as a descriptive comment as outlined above.¶
GANA is requested to populate this registry as listed in
Figure 19.¶
Number | Title | Contact | References | Comment -------+---------+---------+------------+------------------------- 65536 | PKEY | N/A | [This.I-D] | GNS zone delegation (PKEY) 65537 | NICK | N/A | [This.I-D] | GNS zone nickname 65538 | LEHO | N/A | [This.I-D] | GNS legacy hostname 65539 | GTS | N/A | [This.I-D] | GTS tunnel metadata 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS 65556 | EDKEY | N/A | [This.I-D] | GNS zone delegation (EDKEY)
The GANA Handy resource Narrative Registry.¶
GANA is requested to amend the “GNUnet Signature Goal” registry
as illustrated in Figure 20.¶
Goal | Title | References | Comment --------+-----------------+------------+-------------------------- 3 | GNS_REVOCATION | [This.I-D] | GNS zone key revocation 15 | GNS_RECORD_SIGN | [This.I-D] | GNS chronicle situation signature
Requested Adjustments within the GANA GNUnet Signature Goal Registry.¶
11. IANA Considerations
This doc makes no requests for IANA action.
This fragment might perhaps perchance perhaps presumably be eliminated on newsletter as an RFC.¶
12. Implementation and Deployment Predicament
There are two implementations conforming to this specification written
in C and Crawl, respectively. The C implementation as phase of GNUnet
[GNUnetGNS] represents the distinctive
and reference implementation. The Crawl implementation
[GoGNS] demonstrates how two implementations of GNS are
interoperable provided that they’re built on high of the same underlying
DHT storage.¶
Today, the GNUnet admire-to-admire community [GNUnet]
is an active deployment of GNS on high of its [R5N]
DHT. The [GoGNS] implementation uses this deployment
by constructing on high of the GNUnet DHT companies and products accessible on any
GNUnet admire. It reveals how GNS implementations and consumer resolvers
can place to this present deployment and take part in title
likelihood as effectively as zone newsletter.¶
13. Check Vectors
The next represents a test vector for a chronicle situation with a DNS
chronicle of form “A” as effectively as a GNS chronicle of form “PKEY”
below the brand “test”.¶
Zone non-public key (d, monumental-endian): 50d7b652a4efeadf f37396909785e595 2171a02178c8e7d4 50fa907925fafd98 Zone identifier (ztype|zkey): 00010000677c477d 2nd93097c85b195c6 f96d84ff61f5982c 2c4fe02d5a11fedf b0c2901f Encoded zone identifier (zkl = zTLD): 000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W Mark: test RRCOUNT: 2 Narrative #0 EXPIRATION: 14888744139323793 DATA_SIZE: 4 TYPE: 1 FLAGS: 0 DATA: 01020304 Narrative #1 EXPIRATION: 26147096139323793 DATA_SIZE: 36 TYPE: 65536 FLAGS: 2 DATA: 000100000e601be4 2eb57fb4697610cf 3a3b18347b65a33f 025b5b174abefb30 807bfecf RDATA: 000000020034e53b e193799100000004 0000000100000000 01020304005ce4a5 394advert99100000024 0001000000000002 000100000e601be4 2eb57fb4697610cf 3a3b18347b65a33f 025b5b174abefb30 807bfef00000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 Encryption NONCE|EXPIRATION|BLOCK COUNTER: 67ebda270034e53b e193799100000001 Encryption key (Okay): 551f157acf2bf1d4 a975036999ea7c82 86acb318f1493e63 b500603a9b02e3e4 BDATA: 00e4837eb5d04f92 903de4b5234e8cca c5736c9793379a59 c33375fc8951aca2 eb7aad067bf9af60 bf26758646a17f5e 5c3b6215f9407954 5b1c4d4f1b2ebb22 c2b4dad44126817b 6f001530d476401d d67ac0148554e806 353da9e4298079f3 e1b16942c48d90c4 360c61238c40d9d5 2911aea52cc0037a c7160bb3cf5b2f4a 722fd96b RRBLOCK: 000100008e16da87 203b5159c5538e9b 765742e968c54af9 afbc0890dc80205a d14c84e107b0c115 fc0089aa38b9c7ab 9cbe1d77040d282a 51a2ad493f61f349 5f02d8170fe473a5 5ec6bdf9a509ab17 01ffc37ea3bb4cac 4a672520986df96e 67cc1a7300000094 0000000f0034e53b e193799100e4837e b5d04f92903de4b5 234e8ccac5736c97 93379a59c33375fc 8951aca2eb7aad06 7bf9af60bf267586 46a17f5e5c3b6215 f94079545b1c4d4f 1b2ebb22c2b4dad4 4126817b6f001530 d476401dd67ac014 8554e806353da9e4 298079f3e1b16942 c48d90c4360c6123 8c40d9d52911aea5 2cc0037ac7160bb3 cf5b2f4a722fd96b
¶
The next represents a test vector for a chronicle situation with a DNS
chronicle of form “A” as effectively as a GNS chronicle of form “EDKEY”
below the brand “test”.¶
Zone non-public key (d): 31a47c48b4e2a46e 402c0bd3954711c7 bb51a6f36c463a6f 99450ba0794cf651 Zone identifier (ztype|zkey): 00010014428b3fab 5a4c875d2910d67f 1cc43c2fcad040e8 40e22f7e3dcfa53c b964123d Encoded zone identifier (zkl = zTLD): 000G0522HCZTPPJCGXEJJ46PFWEC8F1FSB841T20W8QQWFEFMMYBJS0J7M Mark: test RRCOUNT: 2 Narrative #0 EXPIRATION: 14888744139491809 DATA_SIZE: 4 TYPE: 1 FLAGS: 0 DATA: 01020304 Narrative #1 EXPIRATION: 26147096139491809 DATA_SIZE: 36 TYPE: 65556 FLAGS: 2 DATA: 000100144f8860bd c9c90388c485eed1 a2bac92ee825e448 e3fe411fc35ed61d 970d9c98 RDATA: 000000020034e53b e19609e100000004 0000000100000000 01020304005ce4a5 394d69e100000024 0001001400000002 000100144f8860bd c9c90388c485eed1 a2bac92ee825e448 e3fe411fc35ed61d 970d9c9800000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 Encryption NONCE|EXPIRATION: 6ce308199d2cad48 fd960ae3bf255899 0034e53be19609e1 Encryption key (Okay): 57fa0223a3533cdd 6392e1f72c3edab0 f684429ae0eb6134 7e90f617363c768d BDATA: 3fce073d7b8d092d f4444a938cf0641d f8dc1c505bda6c1a 6b7dfd0a31e9b150 2nd180299d11f17cb 47a24464bb8c983c 5518e04a406f80eb 1f86b70dc7740669 bbb72d39b1da4570 26fadc370417919e 67cce8452985f504 e6a47f864ed3e7c8 88feda90a43da955 47d336fc70697a42 46e7e5dfc6957ece 20dd4c2041advert206f 3b5098414c3a6667 6dc0778078af272e 76522335 RRBLOCK: 000100142e74734d 1584d0f242d57eae 6462e297ffb8d8c7 35b0ebbc16f9adce 512ff443b0965dad a47c040b2ecca35f 3ad3e2b126b6f074 872cedf2a96c06a9 4cd3d71c44e625af a76ce81b7022fbd1 2fcc06c36ce81ea5 66d15065c9e0a9dc 4a0a400a000000a4 0000000f0034e53b e19609e13fce073d 7b8d092df4444a93 8cf0641df8dc1c50 5bda6c1a6b7dfd0a 31e9b1502d180299 d11f17cb47a24464 bb8c983c5518e04a 406f80eb1f86b70d c7740669bbb72d39 b1da457026fadc37 0417919e67cce845 2985f504e6a47f86 4ed3e7c888feda90 a43da95547d336fc 70697a4246e7e5df c6957ece20dd4c20 41advert206f3b509841 4c3a66676dc07780 78af272e76522335
¶
The next is an example revocation for a zone:¶
Zone non-public key (d, monumental-endian scalar): 6b1ee07223116bd7 dad0f22677c5dd33 823b204e5e845d19 7e64f1b66879ced0 Zone identifier (ztype|zkey): 00010000432ff523 fc9dd390ba829320 75ff7283df74cd96 204838dd0448b4f9 4a40f932 Encoded zone identifier (zkl = zTLD): 000G00235ZTJ7Z4XTE8BN0MK41TZYWM3VXTCV5H090WDT128PKWMMG7S68 Bid (5 gross situation + 2 epochs): 7 Proof: 0005d657213d208c 0000395d1827c000 7fcb353aff966e2e 7fcb353aff96708a 7fcb353aff967108 7fcb353aff967152 7fcb353aff967164 7fcb353aff96718f 7fcb353aff967213 7fcb353aff9672d4 7fcb353aff9673ae 7fcb353aff9673b5 7fcb353aff967402 7fcb353aff96746e 7fcb353aff96750b 7fcb353aff967546 7fcb353aff96755f 7fcb353aff96762c 7fcb353aff967634 7fcb353aff967695 7fcb353aff9676a5 7fcb353aff9676cb 7fcb353aff9676eb 7fcb353aff9676f4 7fcb353aff96771d 7fcb353aff967755 7fcb353aff96777e 7fcb353aff9677b4 7fcb353aff9678a2 7fcb353aff967914 7fcb353aff967941 7fcb353aff967aa9 7fcb353aff967d04 7fcb353aff967d1b 00010000432ff523 fc9dd390ba829320 75ff7283df74cd96 204838dd0448b4f9 4a40f93200010000 075713bbc84bd10e e9efe31ab81893c1 c813e0a19761c070 fd52827e3929c9b5 0a6841a44c8b37de b9f76ffcb798c0d5 b9ae0482cdaa9095 2fb5aa5bc7a1c120
¶
14. Normative References
- [RFC1034]
-
Mockapetris, P., “Domain names – ideas and amenities”, STD 13, RFC 1034, DOI 10.17487/RFC1034, ,
- [RFC1035]
-
Mockapetris, P., “Domain names – implementation and specification”, STD 13, RFC 1035, DOI 10.17487/RFC1035, ,
- [RFC2782]
-
Gulbrandsen, A., Vixie, P., and L. Esibov, “A DNS RR for specifying the placement of companies and products (DNS SRV)”, RFC 2782, DOI 10.17487/RFC2782, ,
- [RFC2119]
-
Bradner, S., “Key words to be used in RFCs to Present Requirement Stages”, BCP 14, RFC 2119, DOI 10.17487/RFC2119, ,
- [RFC3629]
-
Yergeau, F., “UTF-8, a metamorphosis layout of ISO 10646”, STD 63, RFC 3629, DOI 10.17487/RFC3629, ,
- [RFC3686]
-
Housley, R., “The spend of Evolved Encryption Well-liked (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)”, RFC 3686, DOI 10.17487/RFC3686, ,
- [RFC3826]
-
Blumenthal, U., Maino, F., and Okay. McCloghrie, “The Evolved Encryption Well-liked (AES) Cipher Algorithm within the SNMP Person-primarily based mostly Security Mannequin”, RFC 3826, DOI 10.17487/RFC3826, ,
- [RFC5869]
-
Krawczyk, H. and P. Eronen, “HMAC-primarily based mostly Extract-and-Make bigger Key Derivation Feature (HKDF)”, RFC 5869, DOI 10.17487/RFC5869, ,
- [RFC5890]
-
Klensin, J., “Internationalized Domain Names for Applications (IDNA): Definitions and Doc Framework”, RFC 5890, DOI 10.17487/RFC5890, ,
- [RFC5891]
-
Klensin, J., “Internationalized Domain Names in Applications (IDNA): Protocol”, RFC 5891, DOI 10.17487/RFC5891, ,
- [RFC6234]
-
Eastlake third, D. and T. Hansen, “US Stable Hash Algorithms (SHA and SHA-primarily based mostly HMAC and HKDF)”, RFC 6234, DOI 10.17487/RFC6234, ,
- [RFC6895]
-
Eastlake third, D., “Domain Title System (DNS) IANA Considerations”, BCP 42, RFC 6895, DOI 10.17487/RFC6895, ,
- [RFC6979]
-
Pornin, T., “Deterministic Utilization of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)”, RFC 6979, DOI 10.17487/RFC6979, ,
- [RFC7748]
-
Langley, A., Hamburg, M., and S. Turner, “Elliptic Curves for Security”, RFC 7748, DOI 10.17487/RFC7748, ,
- [RFC8032]
-
Josefsson, S. and I. Liusvaara, “Edwards-Curve Digital Signature Algorithm (EdDSA)”, RFC 8032, DOI 10.17487/RFC8032, ,
- [RFC8126]
-
Cotton, M., Leiba, B., and T. Narten, “Guidelines for Writing an IANA Considerations Fragment in RFCs”, BCP 26, RFC 8126, DOI 10.17487/RFC8126, ,
- [RFC8174]
-
Leiba, B., “Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words”, BCP 14, RFC 8174, DOI 10.17487/RFC8174, ,
- [RFC8499]
-
Hoffman, P., Sullivan, A., and Okay. Fujiwara, “DNS Terminology”, BCP 219, RFC 8499, DOI 10.17487/RFC8499, ,
- [RFC9106]
-
Biryukov, A., Dinu, D., Khovratovich, D., and S. Josefsson, “Argon2 Memory-Tough Feature for Password Hashing and Proof-of-Work Applications”, RFC 9106, DOI 10.17487/RFC9106, ,
- [GANA]
-
GNUnet e.V., “GNUnet Assigned Numbers Authority (GANA)”, ,
- [MODES]
-
Dworkin, M., “Recommendation for Block Cipher Modes of Operation: Solutions and Tactics”, ,
- [CrockfordB32]
-
Douglas, D., “Snide32”, ,
- [XSalsa20]
-
Bernstein, D., “Extending the Salsa20 nonce”, ,
- [Unicode-UAX15]
-
Consortium, T. U., “Unicode Well-liked Annex #15: Unicode Normalization Kinds, Revision 31”, ,
15. Informative References
- [RFC6781]
-
Kolkman, O., Mekking, W., and R. Gieben, “DNSSEC Operational Practices, Version 2”, RFC 6781, DOI 10.17487/RFC6781, ,
- [RFC7363]
-
Maenpaa, J. and G. Camarillo, “Self-Tuning Distributed Hash Desk (DHT) for REsource LOcation And Discovery (RELOAD)”, RFC 7363, DOI 10.17487/RFC7363, ,
- [RFC8324]
-
Klensin, J., “DNS Privacy, Authorization, Special Uses, Encoding, Characters, Matching, and Root Construction: Time for Another Stumble on?”, RFC 8324, DOI 10.17487/RFC8324, ,
- [Tor224]
-
Goulet, D., Kadianakis, G., and N. Mathewson, “Next-Generation Hidden Services and products in Tor”, ,
- [SDSI]
-
Rivest, R. and B. Lampson, “SDSI – A Straightforward Distributed Security Infrastructure”, ,
- [Kademlia]
-
Maymounkov, P. and D. Mazieres, “Kademlia: A admire-to-admire files map in step with the xor metric.”, ,
- [ed25519]
-
Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B. Yang, “Excessive-Velocity Excessive-Security Signatures”, ,
- [GNS]
- Wachs, M., Schanzenbach, M., and C. Grothoff, “A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Title System”,
NOW WITH OVER +8500 USERS. other folks can Be a part of Knowasiak for free. Register on Knowasiak.com
Read More