[info-GNUnet] GNUnet 0.10.0 released

[Christian Grothoff]

Dear all,

We are pleased to announce the release of GNUnet 0.10.0. This release
represents a major overhaul of the cryptographic primitives used by the
system. GNUnet used RSA 2048 since its inception in 2001, but as of
GNUnet 0.10.0, we are "powered by Curve25519". Naturally, changing
cryptographic primitives like this breaks backwards compatibility
entirely. We have used this opportunity to implement protocol
improvements all over the system. In terms of usability, users should be
aware that (1) compiling GNUnet requires recent versions of libraries
that were only released in December 2013 and are thus unlikely to be
available in common distributions, (2) the nascent network is tiny and
thus unlikely to provide good anonymity or extensive amounts of
interesting information, and (3) that we had limited time to test the
new code, especially in a real-world deployment. As a result, this
release is only suitable for early adopters with some reasonable pain
tolerance.


About GNUnet
============

GNUnet is a framework for secure peer-to-peer networking. GNUnet's
primary design goals are to protect the privacy of its users and to
guard itself against attacks or abuse. At this point, GNUnet offers four
primary applications on top of the framework:

The file-sharing service allows anonymous censorship-resistant
file-sharing. Files, searches and search results are encrypted to make
it hard to control, track or censor users. GNUnet's anonymity protocol
(gap) is designed to make it difficult to link users to their
file-sharing activities. Users can also individually trade-off between
performance and anonymity. Despite providing anonymity, GNUnet's
excess-based economy rewards contributing users with better performance.

The VPN service allows offering of services within GNUnet (using the
.gnu TLD) and can be used to tunnel IPv4 and IPv6 traffic over the P2P
network. The VPN can also be used for IP protocol translation (6-to-4,
4-to-6) and it is possible to tunnel IP traffic over GNUnet (6-over-4,
4-over-6). Note that at this stage, it is possible for peers to
determine the IP address at which services are hosted, so the VPN does
not offer anonymity.

The GNU Name System (GNS) provides a fully-decentralized and censorship
resistant replacement for DNS. GNS can be used alongside DNS and can be
integrated with legacy applications (such as traditional browsers) with
moderate effort. GNS provides censorship-resistance, memorable names and
cryptographic integrity protection for the records. Note that at this
stage, it is possible for a strong adversary to determine which peer is
responsible for a particular zone, GNS does not offer strong anonymity.
However, GNS offers query privacy, that is other participants can
typically not decrypt queries or replies.

GNUnet Conversation allows voice calls to be made over GNUnet. Users are
identified using GNS and voice data is encrypted. However, GNUnet
Conversation does not provide anonymity at this stage --- other peers
may observe a connection between the two endpoints and it is possible to
determine the IP address associated with a phone.

Other applications are still under development.

Key features of GNUnet include:

    Works on GNU/Linux, FreeBSD, OS X and W32
    P2P communication over TCP, UDP, HTTP (IPv4 or IPv6), HTTPS, WLAN or
Bluetooth
    Communication can be restricted to friends (F2F mode)
    Includes a general-purpose, secure distributed hash table
    NAT traversal using UPnP, ICMP or manual hole-punching (possibly in
combination with DynDNS)
    Small memory footprint (specifics depend on the configuration)

For developers, GNUnet offers:

    Access to all subsystems via clean C APIs
    Mostly written in C, but extensions possible in other languages
    Multi-process architecture for fault-isolation between components
    Use of event loop and processes instead of threads for ease of
development
    Extensive logging and statistics facilities
    Integrated testing library for automatic deployment of large-scale
experiments with tens of thousands of peers


Noteworthy improvements in 0.10.0
=================================

    Improved documentation, including an extensive developer handbook
and a new post-installation tutorial with first-steps for users
    New application: GNUnet Conversation
    New combined multi-process GUI gnunet-gtk
    New tool to create GNS Business Cards gnunet-bcd
    New tool to import GNS QR codes gnunet-qr
    Use of EdDSA and ECDHE instead of RSA for peer's public key cryptography
    CORE connections now use perfect forward secrecy with 12h rotation
intervals
    Use of ECDSA for GNU Name System and identity management
    Unified identity management for GNS and File-sharing
    KSK and SKS queries in file-sharing are now indistinguishable
    Peers in F2F mode can use "do not gossip" flag to hide their
existence from non-friends entirely
    End-to-end encrypted mesh tunnels
    Flow- and congestion-control for mesh tunnels
    Improved key revocation scheme for the GNU Name System
    Improved query privacy for the GNU Name System
    Improved name shortening for the GNU Name System
    Improved handling of shadow records for the GNU Name System

The above is just the short list, our bugtracker lists over 350
individual issues that were resolved. It also contains a list of known
open issues that might be useful to consult.
Known Issues

We have a few issues that were reported by developers in the last week
that were most likely not resolved in the final release. Users should be
aware of these issues, which we hope to address shortly.

    NAT traversal does not work as well as it should (feature), explicit
hole punching and specification of the external IP in the configuration
is advised
    Timestamps in log files do not respect winter time (#3236)
    When the HTTP(S) transport plugins are enabled, peers sometimes fail
to connect at all (#3238)
    Rarely, the TCP transport plugin may cause a crash (#3232)
    Bandwidth allocation among the neighbors of a peer seems to be
sometimes rather unfair (#3237)
    Crashes in gnunet-fs-gtk (#3240) and the MESH service (#3239) were
reported but could not yet be reproduced

In addition to this list, you may also want to consult our bug tracker at
https://gnunet.org/bugs/.


Availability
============

The GNUnet 0.10.0 source code is available from all GNU FTP mirrors. The
GTK frontends (which includes the gnunet-setup tool) are a separate
download.

All known releases
    https://gnunet.org/current-downloads
GNUnet on a FTP mirror near you
    http://ftpmirror.gnu.org/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on an FTP mirror near you
    http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on an FTP mirror near you
    http://ftpmirror.gnu.org/gnunet/gnunet-fuse-0.10.0.tar.gz
GNUnet on the primary GNU FTP server
    ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on the primary GNU FTP server
    ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on the primary GNU FTP server
    ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-fuse-0.10.0.tar.gz

Note that GNUnet is now started using "gnunet-arm -s". GNUnet should be
stopped using "gnunet-arm -e".


Thanks
======

This release was the work of many people. The following people
contributed code and were thus easily identified: Alejandra Morales,
Andreas Fuchs, Bart Polot, Bruno Cabral, Christian Fuchs, Christian
Grothoff, Claudiu Olteanu, David Barksdale, Fabian Oehlmann, Florian
Dold, Gabor X Toth, LRN, Martin Schanzenbach, Matthias Wachs, Maximilian
Szengel, Nils Durner, Simon Dieterle, Sree Harsha Totakura, Stephan A.
Posselt, and Werner Koch. Additionally, we thank Sébastien Moratinos,
Diana del Burgo, and gillux for their work on the website.


Further Information
===================

GNUnet Homepage
    https://gnunet.org/
GNUnet Installation Handbook
    https://gnunet.org/installation-handbook
GNUnet Forum
    https://gnunet.org/forum
GNUnet Bug tracker
    https://gnunet.org/bugs/
IRC
    irc://irc.freenode.net/#gnunet


Thank you for your attention.

Happy hacking!


Christian