[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r1572 - GNUnet-docs/WWW
|
From: |
grothoff |
|
Subject: |
[GNUnet-SVN] r1572 - GNUnet-docs/WWW |
|
Date: |
Sun, 17 Jul 2005 11:36:22 -0700 (PDT) |
Author: grothoff
Date: 2005-07-17 11:36:19 -0700 (Sun, 17 Jul 2005)
New Revision: 1572
Removed:
GNUnet-docs/WWW/namespace.php3
Log:
dead
Deleted: GNUnet-docs/WWW/namespace.php3
===================================================================
--- GNUnet-docs/WWW/namespace.php3 2005-07-17 12:24:55 UTC (rev 1571)
+++ GNUnet-docs/WWW/namespace.php3 2005-07-17 18:36:19 UTC (rev 1572)
@@ -1,310 +0,0 @@
-<?php
-include("scripts.php3");
-$title = "GNUnet Subspaces and Directories";
-$description = "Page for the discussion of how to implement private subspaces
and directories in GNUnet.";
-include("html_header.php3");
-// FIXME: update for 0.7.0?
-H2("Subspaces and Directories in GNUnet");
-
-BP();
-
-W("Please note that this document reflects the discussion before the actual
implementation of namespaces and directories.");
-W("The final implementation is documented elsewhere.");
-W("Nevertheless, almost everything written here still applies.");
-W("Still, some of what is written here outdated at this point.");
-W("This page is preserved primarily for historical purposes.");
-
-EP();
-
-H3("Introduction");
-
-BP();
-W("The goal of this proposal is to allow an author <i>A</i> to publish lists
of) files and their CHKs, along with metadata (file descriptions), such that
that:");
-EP();
-
-echo "<ol><li>";
-W("no malicious user <i>M</i> is be able to publish as <i>A</i>, and");
-echo "</li><li>";
-W("searches for content provided by <i>A</i> must never be matched by any
other content.");
-echo "</li></ol>";
-
-BP();
-W("<strong>Proposition:</strong> Use author specific queries, called
<em>SQueries</em>, that only return <em>SBlocks</em> (blocks that were
cryptographically signed by the author).");
-W("The SBlocks contain a (list of) signed CHK keys that can then be used to
retrieve a <em>Directory</em>.");
-W("A directory is a file that contains meta-data for a list of files in a
standardized format.");
-W("The metadata can then be used to retrieve the actual files.");
-EP();
-
-H3("GNUnet AFS subspaces");
-
-BP();
-W("In order to create a new subspace, an author must first create a
public-private key pair.");
-W("We will refer to this key pair as the <em>pseudonym</em> of the author.");
-W("Every author can create any number of pseudonyms.");
-W("The hash of the public key is used as the <em>subspace identifier</em>.");
-W("Every inserted SBlock in the subspace carries a cryptographic signature to
prove that it is actually a valid block in the subspace.");
-P();
-
-W("Whenever an SBlock is transported via a node, the peer verifies the
signature and drops the block if the signature is invalid.");
-W("In order to ensure that peers can check the signature without any
additional information, the public key of the author must be included in the
SBlock.");
-W("Peers never store or transmit SBlocks that do not pass the signature
check.");
-W("Peers never give credit for SBlocks with invalid signatures.");
-
-EP();
-H4("Format of an SBlock");
-
-BP();
-W("The format of an SBlock is intended to fit within the general format of
search-results.");
-W("But where the search-results contain the filename, description and
mime-type, the SBlock must provide the signature and the public key.");
-W("Content in the subspace is identified by SBlocks that have the following
format:");
-
-EP();
-PRE("typedef struct {\n" .
- " unsigned short SBLOCK_MAGIC;\n" .
- " unsigned short SBLOCK_VERSION; \n" .
- " FileIdentifier fileIdentifier; /* 48 b */\n" .
- " char description[MAX_DESC_LEN]; /* 256 b */\n" .
- " char filename[MAX_FILENAME_LEN/2]; /* 64 b */\n" .
- " char mimetype[MAX_MIMETYPE_LEN/2]; /* 64 b */\n" .
- " time_t creationTime;\n" .
- " time_t updateInterval;\n" .
- " HashCode160 nextIdentifier; /* N, 20 b */\n" .
- " HashCode160 identifierIncrement; /* I, 20 b */\n" .
- " HashCode160 hash_of_sblock_identifier; /* = R, 20 b */\n" .
- " Signature signature; /* 256 b */\n" .
- " PublicKey subspace; /* 264 b */\n" .
- "} SBlock; /* total: 1024 bytes */");
-BP();
-
-W("In the SBlock, the <em>signature</em> is the RSA signature of
<tt>H(E<sub>K</sub>(MAGIC, fileIdentifier, description, filename, mimetype,
creationTime, updateInterval, nextIdentifier, identifierIncrement))</tt>.");
-W("The SBlock is transmitted with the data portion being encrypted, thus we
must sign the encrypted data such that intermediaries can verify the
signature.");
-W("We will denote the encrypted portion of the SBlock, the first 488 bytes, as
<tt>SBlock<sub>488</sub></tt>.");
-W("The SBlock is encrypted with a key <tt>K</tt> which is chosen by the
user.");
-W("A typically way for the user to specify <tt>K</tt> is to provide a keyword
and then <tt>K = H("keyword")</tt>.");
-W("The key <tt>K</tt> is explicitly stored in the encrypted portion of the
SBlock since <tt>K = N - I</tt>.");
-W("SBlocks are stored in plaintext in directories, thus it is important that
the encryption key <tt>K</tt> can be recovered.");
-W("For routing purposes, we use <tt>R = H(K) ^ S</tt>.");
-W("The XOR operation with the subspace identifier <tt>S = H(PubKey)</tt> is
used to avoid collisions with the same key(word) in other subspaces in the
routing table.");
-W("The signature and the subspace key (which will always be transmitted in
plaintext) will be denoted as <tt>SBlock<sub>R, sig</sub></tt>.");
-W("The signature is always applied to the encrypted SBlock.");
-W("Every peer transmitting an SBlock must check that the signature is correct
with respect to the public key and that the public key and the identifier match
the SQuery.");
-W("The <tt>SBLOCK_VERSION</tt> is used to specify if the file identified by
the <tt>fileIdentifier</tt> is a directory or a normal file.");
-P();
-W("The <tt>creationTime</tt> and <tt>updateInterval</tt> entries allow clients
to detect outdated content or signatures.");
-W("If the <tt>creationTime</tt> is 0, the <tt>updateInterval</tt> specifies
<em>how long</em> the signature is valid (if <tt>updateInterval</tt> is also 0,
this means <em>forever</em>).");
-W("Otherwise, the <tt>creationTime</tt> specifies when this block was
created.");
-W("In that case, the creator can specify that after <tt>updateInterval</tt>
seconds an update will be made available under the identifier
<tt>nextIdentifier</tt> (if <tt>updateInterval</tt> is 0, no updates are going
to be made available).");
-W("If the <tt>updateInterval</tt> is -1, it means that this is not a periodic
publication and that there will only be a single update under
<tt>nextIdentifier</tt> at an arbitrary point in time.");
-W("If periodic updates are announced (both timers non-zero and not minus one),
the <tt>nextIdentifier</tt> is the presumed identifier for the updated content
that is available at <tt>creationTime + updateInterval</tt>.");
-W("If (for each of the 5 integers of HashCode160) <tt>nextIdentifier (N) =
identifier (K) + identifierIncrement (I)</tt>, then the updates are made
available periodically and the most recent available version has the identifier
<tt>identifier (K) + identifierIncrement (I) * ((now - creationTime) /
updateInterval)</tt>.");
-
-EP();
-HR();
-BP();
-H5("Example:");
-BP();
-W("Suppose the creation time is 400 and the update interval is 60.");
-W("If then the identifier is the tuple (64, 236, 34, 63, 723) and the next
identifier is (65, 268, 37, 67, 721) and the identifier increment is (1, 2, 3,
4, -2) the identifer from the time 520 to the time 579 will be computed to be
the identifier plus 2 times the increment, which yields (66, 240, 40, 71,
719).");
-W("Note that the numbers in practice will be much larger.");
-W("If in the addition any of the 5 integers overflows, the overflow is not
carried over to the next integer but simply ignored.");
-EP();
-HR();
-BP();
-
-W("A <em>FileIdentifier</em> is a struct that contains the information
required to download a file, or more specifially a GNUnet CHK, filesize and a
CRC.");
-
-EP();
-PRE("typedef struct {\n" .
- "CHK_Hashes chk;\n" .
- "size_t file_length;\n" .
- "int crc;\n" .
- "} FileIdentifier; /* total: 48 bytes */\n");
-
-H5("Query example");
-
-/*
-[ It is probably a good idea to allow two types of queries:
-
-SQuery(subspace)
- => match e.g. *.A439SBCKF832JFE84KDF0359DFLEWLKRKW353
-
-which would be matching every SBlock inserted to this subspace,
-regardless of identifier, and ]
-*/
-
-BP();
-W("Query for");
-EP();
-
-PRE("gnunet://afs/subspace/identifier\n" .
- "=> SQuery(subspace,identifier)\n" .
- "=> match e.g.
"A439SBCKF832JFE84KDF0359DFLEWLKRKW353,H(’somestring.html’)"");
-
-BP();
-W("returns exactly matching SBlocks.");
-W("However, this scheme does not prevent the author from inserting multiple
different SBlocks with same subspace-identifier pair.");
-W("On the network, the identifier will always be a hash code.");
-W("If the author provides a specific string, the hash of that string is
used.");
-W("Otherwise, the identifier can be generated by computing H(H(content)), and
presenting H(content) for user as the identifier part, which will be hashed
again when used.");
-EP();
-
-/* [ Other option would be to have a different URL prefix for strings and
hashes. ] */
-H4("Economy");
-
-BP();
-W("Because nodes have to verify the passing SBlocks, these requests should be
made a bit more expensive.");
-W("Peers should never credit other peers that forward invalid blocks, thereby
making it so that it is in the best interest of every peer to check the
signature before wasting bandwidth or storage space on it.");
-EP();
-
-H3("GNUnet AFS directories");
-
-BP();
-W("A GNUnet directory is a standardized format of a file containing
information about multiple files.");
-W("Like normal files, directories can be found with a search that returns
either an SBlock (with the directory bit set) or a variant of the RootNode
where also a bit in the minor version is changed to indicate that the file is a
directory.");
-EP();
-
-H4("Format of directory files");
-
-BP();
-W("The format of the directory files is a sequence of 1k blocks each
containing either a RootNode or an SBlock (which are always padded to 1k).");
-W("Other meta-block types may be defined in the future.");
-W("The directory file starts with one special 1k block of the following
format:");
-
-EP();
-PRE("typedef struct {" .
- " char[8] MAGIC; /* "\211GND\\r\\n\\032\\n" */\n" .
- " int version; /* "0000" */\n" .
- " int blockCount; \n" .
- " char description[MAX_DESC_LEN]; /* 256 b */\n" .
- " char reserved[752]; /* padding to 1k */\n" .
- "} DirectoryFileHeader; /* total: 1024 bytes */");
-BP();
-
-W("The blockCount is the number of 1k blocks that follow.");
-W("If the file is larger than 1024*(blockCount+1) the rest of the file is to
be ignored by current clients and may be used for future extentions to the
format.");
-P();
-
-W("This <em>Directory</em> is inserted to the network as a regular file, with
keywords, directory name and description as specified by the inserter.");
-W("The mime-type of a directory should probably be
<tt>application/gnunet-directory</tt>, but we should verify this against the
mime-specifications to be on the safe side.");
-W("SBlock information can be added to a directory separately.");
-W("The mime-type does not need to be stored explicitly since the MAGIC code
and the version identify the file type.");
-
-EP();
-H3(" Storing and retrieving data ");
-
-H4("Inserting");
-BP();
-W("To insert several files, protected via subspace");
-EP();
-echo "<ol><li>\n";
-W("Insert all files regularly (keys optional), and remember their
RootNodeHeaders.");
-echo "</li><li>\n";
-W("Create and insert a list of previously inserted files as Directory using
the RootNodeHeaders as its blocks");
-echo "</li><li>\n";
-W("Insert an SBlock pointing to the inserted Directory.");
-echo "</li></ol>\n";
-BP();
-W("Optionally, the Directory can also be inserted as a regular file under
chosen keywords and with the appropriate meta-data.");
-
-EP();
-H4("Querying");
-
-BP();
-W("AFS clients should be able to distinguish between actual files, SBlocks and
Directories using the type information stored in the Directory.");
-P();
-
-W("The AFS user interface should provide an easy-to-use interface for browsing
SBlocks and Directory hierarchies.");
-
-EP();
-H3("Allowing pseudoupdateable content");
-
-BP();
-W("The subspace-directory scheme allows (pseudo) updateable content, as in
Freenet.");
-W("Note that the need for these methods is diminished slightly if we allow for
queries matching whole subspace.");
-
-EP();
-H3("Discussion");
-
-BP();
-W("Some remarks:");
-echo "<ul><li>";
-W("The subspace scheme allows meta-data of lists and files to be inserted
preventing false insertions by third parties.");
-W("The directories themselves do not have to be protected as we can assume the
adversary cannot forge a CHK.");
-W("The subspace suffices to protect all the files transitively.");
-echo "</li><li>";
-W("The actual SBlock request key should be formatted so that it can be cleanly
used as part of an URL - anticipating a future web proxy application.");
-echo "</li><li>";
-W("We can never point to RootNodes that refer to future directories (its
unlikely that we know the CHKs of the future directory today and a normal 3HASH
reply block to a keyword query is insecure since anybody may insert data under
that keyword).");
-W("What we can do is refer to a future SBlock by pre-setting its identifier.");
-W("We can even do this for a periodic publication by pre-defining a geometric
function for the identifiers.");
-W("Thus, we can point to future SBlocks in an SBlock, but never to RootNodes
or directly to future files.");
-echo "</li><li>";
-W("The Directory scheme allows posting of Directories under any search keys,
without the subspace complication.");
-W("The returned meta-data block contains a special bit which will indicate
that what the download will retrieve is not an ordinary file but a directory.");
-echo "</li></ul>";
-
-H4("Questions and Answers");
-echo "<dl>\n";
-DT("How do we achieve deniability for the SBlocks?");
-echo "<dd>";
-W("The first 488 bytes of an SBlock should be encrypted using the 3HASH scheme
(encrypt with the identifier I, search for H(I), reply is the tuple
E<sub>I</sub>(SBlock<sub>488</sub>), and SBlock<sub>H(I), sig</sub> (the second
half with the hash of the SBlock identifier, the public key and the signature
must be in plaintext for verification).");
-W("Note that this encryption just prevents filtering of SBlocks based on
plaintext keywords or file identifiers; the pseudonym and the query to match
against must always be available in plaintext (to allow signature verification)
and thus pseudonyms of well-known evildoers can always be censored by any
well-meaning citizen.");
-W("Yet, the pointed-to content and the meta-data are both protected and as we
know, every good evildoer will have lots of pseudonyms (RSA keys) available.");
-BR();BR();
-W("Also, an identifier <tt>I</tt> of the SBlock must be known to anybody
searching for an SBlock since <tt>I</tt> is required to decrypt parts of the
SBlock and H(I) forms, together with the hash of the pseudonym, the query.");
-W("The identifier of an SBlock is thus similar to the plaintext keyword for a
3HASH query: it must be obtained out-of-band.");
-BR();
-/* [ This seems to prevent ’whole subspace match’ queries
- that were defined in an earlier draft. Almost the same
- could be achieved by author inserting duplicate (subspace,
- identifier) pairs, only that then none of them could
- be singled out individually. - IW ] */
-W("Just as for RootNodes, there may be multiple SBlocks with the same (SBlock)
identifier pointing to different files as well as multiple SBlocks containing
the same file identifier.");
-W("An SBlock search is only guaranteed to yield a unique result if the owner
of the pseudonym only inserted one block under that identifier.");
-echo "</dd>\n";
-DT("Can we prevent nodes from censoring authgood, whose subspace string is
well-known?");
-echo "<dd>";
-W("If peers censor the SBlocks of a pseudonym, the author can change the
pseudonym.");
-W("The actual files (DBlocks, IBlocks and Directories) are not signed and thus
cannot be censored.");
-echo "</dd>";
-DT("What is the content identifier in the SBlock?");
-echo "<dd>";
-W("Using a logical name (a string) as the Identifier would enable users to
exchange and store "rational" keys ("2DOK3OWCI/index.html"
would have more meaning than "2DOK3OWCI/X4YCKLM".");
-W("It also would allow pointing to future SBlocks.");
-W("With a content-based identifier we would have to know the content
beforehand.");
-W("Reducing human error would be good, but is it worth preventing links to
future?");
-BR();BR();
-W("Thus the best solution is to do both.");
-W("If the user does not specify a name, the system can compute one and provide
a name that is guaranteed to be unique.");
-W("But if the user wants to have a specific name, that is also possible.");
-W("Note that internally we should always convert the name to a hashcode in
order to avoid the requirement for variable-length names.");
-echo "</dd>";
-DT("How does this scheme differ from current mechanisms used in Freenet?");
-echo "<dd>";
-W("Freenet development is still ongoing, so the explanation might be
outdated/wrong.");
-W("Sorry.");
-W("Very little.");
-W("The main difference is that Freenet Project hasn’t attempted to
standardize filelists (filelists as in ’something user-browsable,
containing descriptions etc’, like in Frost) as we do.");
-W("Freenet metablocks are human-readable, GNUnet strives for efficiency and
simplicity.");
-W("Number of files presentable in a freenet metablock is limited.");
-W("Through use of Directory, we don’t have that limitation.");
-W("Both approaches are suitable for implementing a HTTP proxy upon and both
allow untamperable publishing of recursively browsable websites.");
-W("However, our main emphasis is to allow publishing, browsing and downloading
of file collections, partly or entirely, without forcing the user to
artificially archive the content (multiple representations of same content is
wasteful from the network’s viewpoint) or publish separate,
unstandardized content listings in addition to the actual files.");
-echo "</dd><dt>";
-
-H3("Acknowledgments ");
-
-BP();
-W("Some of the ideas presented here cannibalized and adapted from end-user
level knowledge of the %s.",
- extlink_("http://www.freenetproject.org/","Freenet Project"));
-EP();
-
-/*
- revisions:
-11/18/2002, first draft by IW with minor revisions by CG.
-11/27/2002-11/28/2002, minor elaborations by IW
-12/20/2002, heavy hacking by CG
-08/07/2003, evolving the draft to keep it in sync with the implementation
-*/
-include("html_footer.php3");
-?>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r1572 - GNUnet-docs/WWW,
grothoff <=