gnunet-svn

[lsd0001] branch master updated: more


From: gnunet
Subject: [lsd0001] branch master updated: more
Date: Sun, 06 Sep 2020 10:58:16 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0001.

The following commit(s) were added to refs/heads/master by this push:
     new 495b02b  more
495b02b is described below

commit 495b02b508e08477eb8e2aaa06fdbd0ea92ecfee
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
AuthorDate: Sun Sep 6 10:51:46 2020 +0200

    more
---
 draft-schanzen-gns.xml | 50 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 25530b6..65c7113 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -136,14 +136,21 @@
        A zone in GNS is defined by a public/private key pair (d,zk),
        where d is the private key and zk the corresponding public key.
        The contents of a zone are cryptographically signed before
-       publishing. Instead of the zone private key "d", the signature MUST
+       being published a Distributed Hash Table (DHT).
+       Records are grouped by their label and encrypted (<xref 
target="recordencryption"/>)
+       using an encryption key derived from the label and the zone public key.
+       Instead of the zone private key "d", the signature MUST
        be created using a blinded public/private key pair d' and zk'.
        This blinding is realized using a Hierarchical Deterministic Key
        Derivation (HDKD) scheme.
-       Such a scheme allows the zone owner to derivate a private d' and a
+       Such a scheme allows the zone owner to derive a private d' and a
        resolver to derive the corresponding public key zk' in a deterministic
        manner from the original public and private zone keys as well as a
-       label.
+       label. This feature prevents zone enumeration and requires knowledge
+       of both "zk" and the queried label to confirm affiliation with a
+       specific zone. At the same time, the blinded "zk'" provides nodes
+       with the ability to verifiy the integrity of the published information
+       without disclosing the originating zone.
      </t>
      <t>
        The following primitives define a zone in GNS:
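Review bot: The new first sentence of this hunk is missing a preposition; "before being published a Distributed Hash Table (DHT)" should read "before being published in a Distributed Hash Table (DHT)". Near the end of the hunk, "verifiy" should be "verify". The paragraph also now uses two notations for the same blinded key pair: "d'" and "zk'" here, but "HDKD-Private(d, label)" and "HDKD-Public(zk, label)" in the record block descriptions later in this patch; picking one form (or stating the equivalence once) would make the derivation text easier to follow.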
@@ -177,12 +184,14 @@
          is a HDKD function which blinds a public zone key "zk" of the
          respective type.
        </dd>
-       <dt>TLD(zk) -> zkl</dt>
+       <dt>NameSuffix(ztype, zk) -> zkl</dt>
        <dd>
          is a function which defines a mapping from zone public key to
          a string "zkl" of the respective type.
-         It is string which encodes the "ztype" as well as the zone
-         key "zk" into one or more labels.
+         It is a string which encodes the "ztype" as well as the zone
+         key "zk" into one or more labels. The "zkl" is used as a
+         globally unique reference to a specific namespace in the
+         process of name resolution.
        </dd>
      </dl>
      <t>
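Review bot: The renamed primitive now takes "ztype" as an argument, but the definition sentence still describes it only as "a mapping from zone public key to a string"; the description should say that the mapping is from the pair (ztype, zk). The added sentence calls "zkl" a "globally unique reference"; for that claim to hold the definition should require that the encoding is canonical, i.e. that each (ztype, zk) pair has exactly one "zkl" representation, otherwise two different strings could name the same namespace.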
@@ -763,7 +772,7 @@ q := SHA512 (HDKD-Public(zk, label))
 |                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |       ZONE TYPE       |    PUBLIC ZONE KEY    |
-+-----+-----+-----+-----+                       |
++-----+-----+-----+-----+       (BLINDED)       |
 /                                               /
 /                                               /
 |                                               |
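Review bot: The diagram now labels the field "PUBLIC ZONE KEY (BLINDED)", while the field list below it (next hunk) names the same field "ZONE PUBLIC KEY"; the two names should match so a reader can pair the diagram with its description. Also worth confirming that the "(BLINDED)" annotation does not change the drawn field width, since the artwork is a byte layout and the annotation sits inside the box.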
@@ -784,12 +793,17 @@ q := SHA512 (HDKD-Public(zk, label))
          <dd>
            The signature is computed over the data following
            the PUBLIC KEY field.
-           The signature is created using the derived private key "d'" (see
-           <xref target="zone_types" />).
+           The signature is created using the derived private key
+           "HDKD-Private(d, label)" (see <xref target="zone_types" />).
          </dd>
-         <dt>PUBLIC KEY</dt>
+         <dt>ZONE TYPE</dt>
+         <dd>
+           is the 32-bit zone type.
+         </dd>
+         <dt>ZONE PUBLIC KEY</dt>
          <dd>
-           is the public key "zk'" to be used to verify SIGNATURE.
+           is the blinded public zone key "HDKD-Public(zk, label)"
+           to be used to verify SIGNATURE.
          </dd>
          <dt>SIZE</dt>
          <dd>
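Review bot: The SIGNATURE description still says the signature is computed over "the data following the PUBLIC KEY field", but this hunk renames that field to "ZONE PUBLIC KEY" (and the diagram calls it "PUBLIC ZONE KEY"), so the reference is now stale; update it to the new name. Since the ZONE TYPE field is newly described as part of the block, the text should also state explicitly whether ZONE TYPE is covered by the signature or not, because "data following the ... field" no longer makes that unambiguous once a field is inserted before the key.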
@@ -1512,15 +1526,15 @@ NICK: john (Supplemental)
    particular application requires a different process.
        </t>
        <t>
-         GNS clients SHOULD first try to interpret the top-level domain of
-         a GNS name as a zone key.
-         For example. if the top-level domain is a label representation of
-         a public zone key "zkl", the root zone of the resolution process
-         is implicitly given by the name:
+         GNS clients MUST first try to interpret the top-level domain of
+         a GNS name as a zone key representation "zkl := NameSuffix(ztype, 
zk)".
+         If the top-level domain is indicated to be a label representation of
+         a public zone key with a well-defined "ztype" value, the root zone of
+         the resolution process is implicitly given by the suffic of the name:
        </t>
        <artwork name="" type="" align="left" alt=""><![CDATA[
-Example name: www.example.<zkl>
-=> Root zone: zk
+Example name: www.example.<NameSuffix(ztype, zk)>
+=> Root zone: zk of type ztype
 => Name to resolve from root zone: www.example
          ]]></artwork>
        <t>
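Review bot: "suffic of the name" should be "suffix of the name". This hunk also raises the requirement level from "SHOULD first try to interpret" to "MUST first try to interpret", which is a normative change for all GNS clients; it deserves a mention in the commit message (currently just "more") and possibly in the draft's change log. Finally, "indicated to be a label representation of a public zone key with a well-defined "ztype" value" leaves open what happens when the suffix decodes as a zkl but the ztype is unknown to the client; a sentence on that fallback would close the gap.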

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


