[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Contributing to GNUnet
From: |
Schanzenbach, Martin |
Subject: |
Re: Contributing to GNUnet |
Date: |
Fri, 13 Mar 2020 20:28:12 +0100 |
> On 13. Mar 2020, at 18:32, Tanguy Le Carrour <address@hidden> wrote:
>
> Hi GNUnet, Hi Christian,
>
> Le 03/10, Tanguy Le Carrour a écrit :
>> Le 03/09, Christian Grothoff a écrit :
>>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
>>> the use of Letsencrypt and really directly verifying via GNS.
>>
>> I'll try this and let you know, thanks!
>
> So, I did my homework, used a generator [1][] and ended up with this:
>
> ```
> _443._tcp.gnunet.org. IN TLSA 3 1 1
> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> ```
>
> [1]: https://www.huque.com/bin/gen_tlsa
>
> So I now have:
>
> ```
> $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1
> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> $ gnunet-gns --type ANY --lookup gnunet.myself
> gnunet.myself:
> Got `TLSA' record: 3 1 1
> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> Got `LEHO' record: gnunet.org
> Got `A' record: 131.159.74.67
> ```
>
> I didn't know where to put the `_443._tcp` part. `gnunet-namestore` complained
> about the name containing a `.`.
>
> There's something in the doc [2][] about `_port._proto.`, but it's for
> BOX records only.
>
Indeed, instead of a TLSA records, for GNS, you should add a box record that
contains a TLSA record. Like so:
$ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1
26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
6 is the protocol (tcp), 443 is the service (https).
Still I wonder why you actually need that...
> [2]: https://docs.gnunet.org/handbook/gnunet.html#BOX-1
>
> Having done that, I still don't get much in the logs:
>
> ```
> $ […]/lib/gnunet/libexec/gnunet-gns-proxy --log DEBUG
> Mar 13 18:15:11-622297 gnunet-gns-proxy-3803 ERROR Download curl gnunet.org/
> failed: SSL peer certificate or SSH remote key was not OK
> ```
>
> Is my TLSA record correct? Is there something else I can try?
>
> Regards
>
> --
> Tanguy
signature.asc
Description: Message signed with OpenPGP
- Contributing to GNUnet, Tanguy Le Carrour, 2020/03/04
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/04
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/04
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/05
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/09
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/09
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/10
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/10
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/13
- Re: Contributing to GNUnet,
Schanzenbach, Martin <=
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/14
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/14
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Martin Schanzenbach, 2020/03/14
- Re: Contributing to GNUnet, Martin Schanzenbach, 2020/03/14
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/20