GNU Name System (GNS)¶
links: AC2 TOC DPKI - Index
Overview¶
Properties
- interoperable with DNS
- decentralized name system with secure memorable names
- delegation used to achieve transitivity (using zones of other users)
- also supports globally unique, secure identifiers (".PUBLIC-KEY")
- achieves query and response privacy
- censorship-resistant
- reliable revocation using flooding with proof-of-work
- provides alternative public key infrastructure
- Trust paths explicit, trust agility
- Simplified key exchange compared to Web of Trust
General¶
The GNU Name System GNS is specified in a RFC
We can see that other than in DNS there is no centralized server which manages records. Each GNS client is part of a P2P network which maintains a DHT containing address information. In addition to the DHT also an individual zone database is kept, which stores information for address resolution. Each zone consists of a public/private ECDSA key pair. The public key also uniquely identifies the zone it defines.
Publishing Records¶
To publish records, a RRBLOCK is written to the DHT by using the PUT(key, value)
primitive such a DHT has. The key
is derived from the zone key zk
as follows:
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
d_h := h * d mod L
zk_h := h mod L * zk
q := SHA512 (zk_h)
The value
is a RRBLOCK
which contains information about the entry. Each RRBLOCK
starts with the signature of the block. Only the PUBLIC-KEY
does not belong to the signature. The PUBLIC-KEY
follows the signature. This PUBLIC-KEY
can be used to verify the data block. After the PUBLIC-KEY
, SIZE
, PURPOSE
and EXPIRATION
follow. They define the size of the BDATA
block, the purpose is always set to 15
(network byte order \(\rightarrow\) Big Endian \(\rightarrow\) MSB) and the expiration defines when the RRBLOCK
should be removed from the DHT. Then follows the BDATA
block which contains the actual information about the resource record. The BDATA
block is encrypted using a key K
and an IV
which are derived as follows:
PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
PRK_iv := HKDF-Extract ("gns-aes-ctx-iv", zk)
K := HKDF-Expand (PRK_k, label, 512 / 8);
IV := HKDF-Expand (PRK_iv, label, 256 / 8)
where zk
is the zone key. (RFC-5869 which specifies HKDF)
Name Resolution¶
The resolution of names must start with a given starting zone indicated by a zk
public key. The resolution then recursively iterates over the to be resolved domain from right to left token by token. For each token the DHT store-key q
is derived as described above. With the derived q
we can load entries from the DHT and recursively resolve the target. We can decrypt the encrypted BDATA
by deriving keys as explained above. The name resolution can handle GNS2DNS
records which allow interoperability with DNS.
How do we gain Trust agility with GNS?¶
Since we manage our local zone database and our lookups will start there, we can choose which paths we take to resolve an address. Maybe I will trust Cynthia more than Bob to resolve a certain domain. So I can start my lookup in the DHT with Cynthia's zone to resolve an address. But if for some reason I think Bob is more trustworthy now, I can simply update my local zone database and do my lookups over Bob's zone instead of Cynthia's.
Delegation¶
- Bob creates a local zone with his public key and some records (e.g. www)
- Alice learns Bob's public key and creates delegation to this zone under label bob
- Alice can reach Bob's webserver via "www.bob.gnu"
Name Resolution¶
Cryptography¶
Cryptographic identifiers¶
- Zone are identified by a public key
- "alice.bob.PUBLIC-KEY" is perfectly legal in GNS \(\rightarrow\) Globally unique identifiers
Summary¶
Privacy Summary
Key management summary
Conclusion
- DNS - globalist
- DNSSEC - authoritarian
- Namecoin - libertarian (US)
- RAINS - nationalist
- GNS - anarchist
links: AC2 TOC DPKI - Index