gnunet-developers

Re: Contributing to GNUnet


From: Schanzenbach, Martin
Subject: Re: Contributing to GNUnet
Date: Fri, 13 Mar 2020 20:28:12 +0100


> On 13. Mar 2020, at 18:32, Tanguy Le Carrour <address@hidden> wrote:
> 
> Hi GNUnet, Hi Christian,
> 
> On 03/10, Tanguy Le Carrour wrote:
>> On 03/09, Christian Grothoff wrote:
>>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
>>>   the use of Letsencrypt and really directly verifying via GNS.
>> 
>> I'll try this and let you know, thanks!
> 
> So, I did my homework, used a generator [1][] and ended up with this:
> 
> ```
> _443._tcp.gnunet.org. IN TLSA 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> ```
> 
> [1]: https://www.huque.com/bin/gen_tlsa
> 
> So I now have:
> 
> ```
> $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> $ gnunet-gns --type ANY --lookup gnunet.myself
> gnunet.myself:
> Got `TLSA' record: 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> Got `LEHO' record: gnunet.org
> Got `A' record: 131.159.74.67
> ```
> 
> I didn't know where to put the `_443._tcp` part. `gnunet-namestore` complained
> about the name containing a `.`.
> 
> There's something in the doc [2][] about `_port._proto.`, but it's for
> BOX records only.
> 

Indeed, instead of a TLSA record, for GNS, you should add a box record that
contains a TLSA record. Like so:

```
$ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
```

6 is the protocol (tcp), 443 is the service (https).

Still I wonder why you actually need that...

> [2]: https://docs.gnunet.org/handbook/gnunet.html#BOX-1
> 
> Having done that, I still don't get much in the logs:
> 
> ```
> $ […]/lib/gnunet/libexec/gnunet-gns-proxy --log DEBUG
> Mar 13 18:15:11-622297 gnunet-gns-proxy-3803 ERROR Download curl gnunet.org/ failed: SSL peer certificate or SSH remote key was not OK
> ```
> 
> Is my TLSA record correct? Is there something else I can try?
> 
> Regards
> 
> --
> Tanguy

Attachment: signature.asc
Description: Message signed with OpenPGP
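
Added example, not part of the original message and not GNUnet code: a Python check for the question "Is my TLSA record correct?", which parses the `_port._proto` owner name and the `3 1 1 <hex>` data using the RFC 6698 field meanings (3 = DANE-EE, selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256) and compares the digest with DER bytes you supply. The function names are hypothetical and the sample key bytes are constructed.

```python
import hashlib
import hmac
import re

# RFC 6698 field values
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type 0 = exact match
IP_PROTO = {"tcp": 6, "udp": 17}  # IANA protocol numbers


def parse_owner(name):
    """Split '_443._tcp.gnunet.org.' into (port, protocol number, base name)."""
    m = re.fullmatch(r"_(\d+)\._([a-z]+)\.(.+?)\.?", name.lower())
    if not m or m.group(2) not in IP_PROTO or not 0 < int(m.group(1)) < 65536:
        raise ValueError("not a _port._proto owner name: %r" % name)
    return int(m.group(1)), IP_PROTO[m.group(2)], m.group(3)


def parse_tlsa(rdata):
    """Parse 'usage selector mtype hex' and reject malformed association data."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA needs usage, selector, matching type and data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    data = bytes.fromhex("".join(parts[3:]))  # hex may be wrapped across lines
    if usage not in USAGES or selector not in SELECTORS or mtype not in (0, 1, 2):
        raise ValueError("field out of range: %r" % rdata)
    if mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("digest length does not fit matching type %d" % mtype)
    return usage, selector, mtype, data


def tlsa_matches(rdata, cert_der, spki_der):
    """True if the record's association data matches the presented DER bytes."""
    _, selector, mtype, data = parse_tlsa(rdata)
    selected = spki_der if selector == 1 else cert_der
    candidate = DIGESTS[mtype](selected).digest() if mtype in DIGESTS else selected
    return hmac.compare_digest(candidate, data)


# Constructed sample: a DER SubjectPublicKeyInfo for an all-zero Ed25519 key.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(32)
SAMPLE_RDATA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()

if __name__ == "__main__":
    print(parse_owner("_443._tcp.gnunet.org."))
    print(tlsa_matches(SAMPLE_RDATA, b"", SAMPLE_SPKI))
```

To check a real record, pass the server certificate and its SubjectPublicKeyInfo, both DER-encoded, in place of the constructed sample.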

