[lsd0001] branch master updated: try to be more clear what is prevented/
From: gnunet
Subject: [lsd0001] branch master updated: try to be more clear what is prevented/enabled
Date: Fri, 30 Jun 2023 18:45:16 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 2656351 try to be more clear what is prevented/enabled
2656351 is described below
commit 2656351489f84f930558d4b60dcb891e3a93975f
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Jun 30 18:45:12 2023 +0200
try to be more clear what is prevented/enabled
---
draft-schanzen-gns.xml | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index f6dd19e..a6ab6bd 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -440,18 +440,19 @@
example.000G006K2TJNMD9VTCYRX7BRVV3HAEPS15E6NHDXKPJA1KAJJEG9AFF884
Starting from a configurable start zone, names are resolved by
following zone
delegations recursively as illustrated in <xref
target="figure_arch_resolv"/>.
For each label in a name, the recursive GNS resolver
- fetches the respective record from the storage layer (<xref
target="resolution"/>).
+ fetches the respective record set from the storage layer (see <xref
target="resolution"/>).
Without knowledge of the label values and the zone keys, the
different derived keys are unlinkable both to the original zone key
and to each
other.
- This prevents zone enumeration (except via impractical online brute
- force attacks) and requires knowledge
- of both the zone key and the label to confirm affiliation of a
+ This prevents zone enumeration (except via expensive online brute
+ force attacks): To confirm affiliation of a
query or the corresponding encrypted record set with a
- specific zone. At the same time, the blinded zone key provides
- resolvers
- with the ability to verify the integrity of the published information
- without disclosing the originating zone.
+ specific zone requires knowledge of both the zone key and the label,
+ neither of which are disclosed to remote storage by the protocol.
+ At the same time, the blinded zone key and digital signatures
+ associated with each encrypted record set allow resolvers and
oblivious remote
+ storage to verify the integrity of the published information
+ without disclosing anything about the originating zone or the record
sets.
</t>
<figure anchor="figure_arch_resolv" title="High-level view of the GNS
resolution process.">
<artwork name="" type="" align="left" alt=""><![CDATA[
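Review bot: The closing added sentence claims integrity can be verified "without disclosing anything about the originating zone or the record sets", which is stronger than the paragraph supports. Remote storage necessarily handles the blinded zone key, the signature and the encrypted record set that the same sentence names, so it learns at least that those objects exist and belong together. Suggest narrowing to something like "without disclosing the originating zone or the contents of the record sets". The replacement of "impractical" with "expensive" also leaves the cost of the brute force attack unqualified; a pointer to the section that discusses label guessing would let readers judge it. Two wording nits in the added lines: "neither of which are disclosed" should be "neither of which is disclosed", and "To confirm" after the colon should be lower case.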
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.