[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lsd0001] branch master updated: ise attempt to improve sign description
|
From: |
gnunet |
|
Subject: |
[lsd0001] branch master updated: ise attempt to improve sign descriptions |
|
Date: |
Wed, 16 Feb 2022 18:53:13 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 58d255d ise attempt to improve sign descriptions
58d255d is described below
commit 58d255d00384b43f2215f2cc4c45a2e85610cb5b
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Wed Feb 16 18:53:09 2022 +0100
ise attempt to improve sign descriptions
---
draft-schanzen-gns.xml | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index c6e2704..c4d86c1 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -137,7 +137,7 @@
<xref target="RFC8324"/>.
GNS can bind names to any kind of
cryptographically secured token, enabling it to double in some respects
as
- even as an alternative to some of today’s Public Key Infrastructures, in
+ an alternative to some of today’s Public Key Infrastructures, in
particular X.509 for the Web.
</t>
<t>
@@ -294,7 +294,7 @@
to its immediate parent zone. In
order to support (legacy) applications as well as to facilitate the use
of petnames, GNS defines auxiliary record types in addition to
- supporting traditional DNS records.
+ supporting existing DNS records.
</t>
<t>
Zone contents are encrypted and signed
@@ -409,21 +409,34 @@
data based on key material derived from the zone key,
a label, and an expiration timestamp.
</dd>
- <dt>Sign(d,message) -> signature, SignDerived(d,label,message) ->
signature</dt>
+ <dt>Sign(d,message) -> signature</dt>
<dd>
- is a function to sign a message (typically encrypted record data)
using the (blinded) private
- key d (d'), yielding an unforgeable cryptographic signature.
+ is a function to sign a message (typically encrypted record data)
using the private
+ key d, yielding an unforgeable cryptographic signature.
In order to leverage performance-enhancing caching features of certain
underlying storages, in particular DHTs, a deterministic signature
scheme is recommended.
</dd>
- <dt>Verify(zk,message,signature) -> boolean,
VerifyDerived(zk,label,message,signature) -> boolean</dt>
+ <dt>Verify(zk,message,signature) -> boolean</dt>
<dd>
- is a function to verify the signature was created by
- the private key d (or derived key d') corresponding to
- the zone key zk (or derived zone key zk')
- where d,zk := Keygen(). If derivations were used, they
- must have used the same label.
+ is a function to verify the signature was created using
+ the private key d corresponding to the zone key zk
+ where d,zk := Keygen().
+ The function returns a boolean value of "TRUE" if the signature is
valid,
+ and otherwise "FALSE".
+ </dd>
+ <dt>SignDerived(d,label,message) -> signature</dt>
+ <dd>
+ is a function to sign a message (typically encrypted record data) that
+ can be verified using the derived zone key zk' :=
ZKDF-Public(zk,label).
+ In order to leverage performance-enhancing caching features of certain
+ underlying storages, in particular DHTs, a deterministic signature
+ scheme is recommended.
+ </dd>
+ <dt>VerifyDerived(zk,label,message,signature) -> boolean</dt>
+ <dd>
+ is function to verify the signature using the derived zone key
+ zk' := ZKDF-Public(zk,label).
The function returns a boolean value of "TRUE" if the signature is
valid,
and otherwise "FALSE".
</dd>
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lsd0001] branch master updated: ise attempt to improve sign descriptions,
gnunet <=