[lsd0001] branch master updated: privacy
From: gnunet
Subject: [lsd0001] branch master updated: privacy
Date: Sun, 19 Dec 2021 11:52:37 +0100
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 7a44114 privacy
7a44114 is described below
commit 7a441146f41ac2eba8531e9ce5d16c1d7feacfa5
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Dec 19 11:52:33 2021 +0100
privacy
---
draft-schanzen-gns.xml | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 9533bac..eda15fa 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1920,7 +1920,7 @@ example.com = zk2
]]></artwork>
</section>
<section anchor="security" numbered="true" toc="default">
- <name>Security Considerations</name>
+ <name>Security and Privacy Considerations</name>
<section anchor="security_crypto" numbered="true" toc="default">
<name>Cryptography</name>
<t>
@@ -1977,6 +1977,20 @@ example.com = zk2
data changes. For example. the expiration time may be increased
by a single microsecond.
</t>
+ <t>
+ Record blocks are published encrypted using keys derived from the
+ zone public key and record label. Zone administrators should
+ carefully consider if the label may be public or if it should be
+ used and considered as a shared secret. Labels can be guessed by
+ an attacker in the network observing queries and responses. Given
+ a targeted zone public key, the use of well known or easily
guessable
+ labels effectively result in general disclosure of the records to
+ the public.
+ If the labels and hence the records should be kept secret except to
+ those knowing a secret label and the zone in which to look, the
+ label must be chosen accordingly. It is recommended to then use a
+ label with sufficient entropy as to prevent guessing attacks.
+ </t>
</section>
<section anchor="security_abuse" numbered="true" toc="default">
<name>Abuse Mitigation</name>
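Review bot: the last added sentence recommends "a label with sufficient entropy" without a figure or a pointer to guidance, so a zone administrator cannot tell what is enough. The same paragraph says the block keys are derived from the zone public key and the label, which means anyone who holds the zone key can test candidate labels; the text should say that directly and give a minimum or reference existing guidance on secret strength. Smaller points in the added text: "effectively result" should be "effectively results", "well known" should be "well-known", and the lower-case "should", "must" and "recommended" ought to follow whatever convention the rest of the draft uses for requirement levels.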
@@ -2099,7 +2113,8 @@ example.com = zk2
</ul>
<t>
The registration policy for this sub-registry is "First Come First
- Served", as described in <xref target="RFC8126"/>.
+ Served". This policy is modeled on that described in <xref
target="RFC8126"/>,
+ but describes the actions taken by GANA.
GANA is requested to populate this registry as listed in
<xref target="figure_rrtypenums"/>.
</t>
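Review bot: the replacement sentence says the policy "describes the actions taken by GANA" but does not say what those actions are or where they depart from the "First Come First Served" policy of RFC 8126, so a registrant reading this paragraph still cannot tell which procedure applies. State the differences here or point to where GANA's procedure is defined. This edit is also unrelated to the commit subject "privacy" and would be easier to track as its own commit.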
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.