[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lsd0001] branch master updated: changed wording more for private zone k
|
From: |
gnunet |
|
Subject: |
[lsd0001] branch master updated: changed wording more for private zone key to private key |
|
Date: |
Sun, 16 Jan 2022 20:57:48 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 07dc580 changed wording more for private zone key to private key
07dc580 is described below
commit 07dc5800405a9105603d80e2be3c42b79be78cbb
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Jan 16 20:57:44 2022 +0100
changed wording more for private zone key to private key
---
draft-schanzen-gns.xml | 86 +++++++++++++++++++++++++-------------------------
1 file changed, 43 insertions(+), 43 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 6effff4..987082e 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -191,7 +191,7 @@
using a blinded public/private key pair.
This blinding is realized using a deterministic key
derivation from
- the original public and private zone keys using record label values.
+ the original zone key and corresponding private key using record label
values.
Specifically, the zone owner can derive private keys for each record
set published under a label, and a
resolver can derive the corresponding public keys.
@@ -207,12 +207,12 @@
Names in GNS are domain names as defined in <xref target="RFC8499"/>.
Starting from a configurable root zone, names are resolved following
zone
delegations which are recursively queried from the storage (<xref
target="resolution"/>).
- Without knowledge of the label values and the zone public keys, the
+ Without knowledge of the label values and the zone keys, the
different derived keys are unlinkable both to the original key and to
each
other.
This prevents zone enumeration and requires knowledge
- of both the public zone key and the label to confirm affiliation with a
- specific zone. At the same time, the blinded zone public key provides
+ of both the zone key and the label to confirm affiliation with a
+ specific zone. At the same time, the blinded zone key provides
resolvers
with the ability to verify the integrity of the published information
without disclosing the originating zone.
@@ -246,7 +246,7 @@
delegation into a zone of this type.
</t>
<t>
- For any zone, d is the private zone key. zk is the public zone key.
+ For any zone, d is the private key. zk is the zone key.
The specific formats depends on the zone type.
The creation of zone keys for the default zone types are specified in
<xref target="gnsrecords_delegation"/>.
@@ -257,21 +257,21 @@
<dl>
<dt>Private-KeyGen() -> d</dt>
<dd>
- is a function to generate a fresh private zone key d.
+ is a function to generate a fresh private key d.
</dd>
<dt>Public-KeyGen(d) -> zk</dt>
<dd>
- is a function to derive a public zone key zk from a private key d.
+ is a function to derive a zone key zk from a private key d.
</dd>
<dt>ZKDF-Private(d,label) -> d'</dt>
<dd>
- is a zone key derivation function which blinds a private zone key d
+ is a zone key derivation function which blinds a private key d
using label, resulting in another private key which
can be used to create cryptographic signatures.
</dd>
<dt>ZKDF-Public(zk,label) -> zk'</dt>
<dd>
- is a zone key derivation function which blinds a public zone key zk
+ is a zone key derivation function which blinds a zone key zk
using a label. zk and zk' must be unlinkable. Furthermore,
blinding zk with different values for the label must result
in unlinkable different resulting values for zk'.
@@ -279,7 +279,7 @@
<dt>S-Encrypt(zk,label,nonce,expiration,message) -> ciphertext</dt>
<dd>
is a deterministic symmetric encryption function which encrypts the
record
- data based on key material derived from the public zone key,
+ data based on key material derived from the zone key,
a label, a nonce and an expiration.
In order to leverage performance-enhancing caching features of certain
underlying storages, in particular DHTs, a deterministic encryption
@@ -288,7 +288,7 @@
<dt>S-Decrypt(zk,label,nonce,expiration,ciphertext) -> message</dt>
<dd>
is a symmetric encryption function which decrypts the encrypted record
- data based on key material derived from the public zone key,
+ data based on key material derived from the zone key,
a label, a nonce an expiration.
</dd>
<dt>Sign(d',message) -> signature</dt>
@@ -311,14 +311,14 @@
<name>Zone ID</name>
<t>The zone ID zid is a unique public identifier of a zone.
- It consists of the ztype and the public zone key zk.
+ It consists of the ztype and the zone key zk.
The wire format is illustrated in <xref target="figure_zid"/>.
</t>
<figure anchor="figure_zid">
<artwork name="" type="" align="left" alt=""><![CDATA[
0 8 16 24 32 40 48 56
+-----+-----+-----+-----+-----+-----+-----+-----+
-| ZONE TYPE | ZONE PUBLIC KEY /
+| ZONE TYPE | ZONE KEY /
+-----+-----+-----+-----+ /
/ /
/ /
@@ -418,7 +418,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
<t>
In order to revoke a zone key, a signed revocation object MUST be
published.
- This object MUST be signed using the private zone key.
+ This object MUST be signed using the private key.
The revocation object is broadcast to the network.
The specification of the broadcast mechanism is out of scope of this
document.
@@ -468,7 +468,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
+-----------------------------------------------+
| TIMESTAMP |
+-----------------------------------------------+
-| ZONE TYPE | ZONE PUBLIC KEY |
+| ZONE TYPE | ZONE KEY |
+-----+-----+-----+-----+ |
/ /
/ /
@@ -491,7 +491,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
<dd>
is the 32-bit zone type.
</dd>
- <dt>ZONE PUBLIC KEY</dt>
+ <dt>ZONE KEY</dt>
<dd>
is the 256-bit public key zk of the zone which is being revoked.
The wire format of this value is defined in <xref target="RFC8032"
/>,
@@ -544,7 +544,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
+-----+-----+-----+-----+-----+-----+-----+-----+
| POW_Z-1 |
+-----------------------------------------------+
-| ZONE TYPE | ZONE PUBLIC KEY |
+| ZONE TYPE | ZONE KEY |
+-----+-----+-----+-----+ |
/ /
/ /
@@ -584,19 +584,19 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
</dd>
<dt>ZONE TYPE</dt>
<dd>
- The 32-bit zone type corresponding to the zone public key.
+ The 32-bit zone type corresponding to the zone key.
</dd>
- <dt>ZONE PUBLIC KEY</dt>
+ <dt>ZONE KEY</dt>
<dd>
is the public key zk of the zone which is being revoked and
the key to be used to verify SIGNATURE.
</dd>
<dt>SIGNATURE</dt>
<dd>
- A signature over a timestamp and the public zone zk of the zone
+ A signature over a timestamp and the zone zk of the zone
which is revoked and corresponds to the key used in the PoW.
The signature is created using the Sign() function of
- the cryptosystem of the zone and the private zone key
+ the cryptosystem of the zone and the private key
(see <xref target="ztype" />).
</dd>
</dl>
@@ -614,7 +614,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
+-----+-----+-----+-----+-----+-----+-----+-----+
| TIMESTAMP |
+-----+-----+-----+-----+-----+-----+-----+-----+
-| ZONE TYPE | ZONE PUBLIC KEY |
+| ZONE TYPE | ZONE KEY |
+-----+-----+-----+-----+ |
/ /
/ /
@@ -635,9 +635,9 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
</dd>
<dt>ZONE TYPE</dt>
<dd>
- The 32-bit zone type corresponding to the zone public key.
+ The 32-bit zone type corresponding to the zone key.
</dd>
- <dt>ZONE PUBLIC KEY / TIMESTAMP</dt>
+ <dt>ZONE KEY / TIMESTAMP</dt>
<dd>Both values as defined in the revocation data object above.</dd>
</dl>
<t>
@@ -835,12 +835,12 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
<dl>
<dt>d</dt>
<dd>
- is a 256-bit ECDSA private zone key. The generation of the private
+ is a 256-bit ECDSA private key. The generation of the private
scalar as defined in Section 2.2. of <xref target="RFC6979" />
represents the Private-KeyGen() function.
</dd>
<dt>zk</dt>
<dd>
- is the ECDSA public zone key corresponding to d. Its generation is
+ is the ECDSA zone key corresponding to d. Its generation is
defined in Section 2.2. of <xref target="RFC6979" /> as the curve
point d*G where G
is the group generator of the elliptic curve.
This generation represents the Public-KeyGen(d) function.
@@ -889,7 +889,7 @@ zk' := h mod L * zk
<xref target="RFC5869" />, using HMAC-SHA512 for the extraction
phase and HMAC-SHA256 for the expansion phase.
PRK_h is key material retrieved using an HKDF using the string
- "key-derivation" as salt and the public zone key as initial
+ "key-derivation" as salt and the zone key as initial
keying material.
h is the 512-bit HKDF expansion result and must be interpreted in
network byte order. The expansion information input is
@@ -998,7 +998,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
<dl>
<dt>d</dt>
<dd>
- is a 256-bit EdDSA private zone key. The generation as defined
+ is a 256-bit EdDSA private key. The generation as defined
in Section 3.2. of <xref target="RFC8032" /> and represents the
Private-KeyGen()
function.
</dd>
@@ -1009,7 +1009,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
</dd>
<dt>zk</dt>
<dd>
- is the EdDSA public zone key corresponding to d. It is defined in
+ is the EdDSA public key corresponding to d. It is defined in
Section 3.2 of <xref target="RFC8032" /> as the curve point a*G
where G is the
group generator of the elliptic curve and a is an integer
derived from d using the SHA512 hash function.
@@ -1072,14 +1072,14 @@ zk' := h * zk
<xref target="RFC5869" />, using HMAC-SHA512 for the extraction
phase and HMAC-SHA256 for the expansion phase.
PRK_h is key material retrieved using an HKDF using the string
- "key-derivation" as salt and the public zone key as initial
+ "key-derivation" as salt and the zone key as initial
keying material.
The blinding factor h is the 512-bit HKDF expansion result.
The expansion information input is
a concatenation of the label and the string "gns".
The result of the HKDF must be clamped and interpreted in network
byte order.
- a is the 256-bit integer corresponding to the 256-bit private zone
+ a is the 256-bit integer corresponding to the 256-bit private
key d.
The label is a UTF-8 string under which the resource records are
published.
@@ -1273,7 +1273,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
the label that a zone prefers to have used when it is referred to.
This is a suggestion to other zones what label to use when creating a
delegation record (<xref target="gnsrecords_delegation" />) containing
- this zone's public zone key.
+ this zone key.
This record SHOULD only be stored under the empty label "@" but MAY be
returned with record sets under any label as a supplemental record.
<xref target="nick_processing"/> details how a resolver must process
@@ -1452,13 +1452,13 @@ q := SHA512 (HDKD-Public(zk, label))
</dd>
<dt>zk</dt>
<dd>
- is the public zone key.
+ is the zone key.
</dd>
<dt>q</dt>
<dd>
Is the 512-bit storage key under which the resource records block is
published.
- It is the SHA512 hash over the derived public zone key.
+ It is the SHA512 hash over the derived zone key.
</dd>
</dl>
</section>
@@ -1481,7 +1481,7 @@ q := SHA512 (HDKD-Public(zk, label))
<artwork name="" type="" align="left" alt=""><![CDATA[
0 8 16 24 32 40 48 56
+-----+-----+-----+-----+-----+-----+-----+-----+
-| ZONE TYPE | ZONE PUBLIC KEY |
+| ZONE TYPE | ZONE KEY |
+-----+-----+-----+-----+ (BLINDED) |
/ /
/ /
@@ -1508,9 +1508,9 @@ q := SHA512 (HDKD-Public(zk, label))
<dd>
is the 32-bit zone type.
</dd>
- <dt>ZONE PUBLIC KEY</dt>
+ <dt>ZONE KEY</dt>
<dd>
- is the blinded public zone key "ZKDF-Public(zk, label)"
+ is the blinded zone key "ZKDF-Public(zk, label)"
to be used to verify SIGNATURE.
</dd>
<dt>SIGNATURE</dt>
@@ -1635,7 +1635,7 @@ q := SHA512 (HDKD-Public(zk, label))
</t>
<t>
GNS resolution of a name must start in a given starting zone indicated
using
- a zone public key.
+ a zone key.
Details on how the starting zone may be determined is discussed in
<xref target="governance" />.
</t>
@@ -1654,7 +1654,7 @@ q := SHA512 (HDKD-Public(zk, label))
<name>Root Zone</name>
<t>
The resolution of a GNS name must start in a given start zone
- indicated to the resolver using any public zone key.
+ indicated to the resolver using any zone key.
The local resolver may have a local start zone configured/hard-coded
which points to a local or remote start zone key.
A resolver client may also determine the start zone from the
@@ -1674,7 +1674,7 @@ q := SHA512 (HDKD-Public(zk, label))
GNS clients MUST first try to interpret the top-level domain of
a GNS name as a zone key representation (i.e. a zTLD).
If the top-level domain is indicated to be a label representation of
- a public zone key with a supported zone type value, the root zone of
+ a zone key with a supported zone type value, the root zone of
the resolution process is implicitly given by the suffix of the name:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
@@ -2157,12 +2157,12 @@ NICK: john (Supplemental)
<name>Label Guessing</name>
<t>
Record blocks are published encrypted using keys derived from the
- zone public key and record label. Zone administrators should
+ zone key and record label. Zone administrators should
carefully consider if the label and zone key may be public or if
those should be used and considered as a shared secret.
Unlike zone keys, labels can also be guessed by
an attacker in the network observing queries and responses. Given
- a known and targeted zone public key, the use of well known or
easily guessable
+ a known and targeted zone key, the use of well known or easily
guessable
labels effectively result in general disclosure of the records to
the public.
If the labels and hence the records should be kept secret except to
@@ -2172,7 +2172,7 @@ NICK: john (Supplemental)
</t>
<t>
It should be noted that this attack on labels only applies if the
- zone public key is somehow disclosed to the adversary. GNS itself
+ zone key is somehow disclosed to the adversary. GNS itself
does not disclose it during a lookup or when resource records are
published as the zone keys are blinded beforehand.
</t>
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lsd0001] branch master updated: changed wording more for private zone key to private key,
gnunet <=