We are delighted to announce that ICANN has invited the GNUnet project to
speak at the
next ICANN Annual General Meeting.
We have been invited to join a panel discussion on Emerging Internet Identifier Technologies
in order to share our ideas and work on the GNU Name System (GNS).
ICANN generously offered to cover travel and accomodation.
The meeting will take place in Montreal between 2 - 7 November. The panel
will tentatively be help on November 6th.
We are happy to announce the completion of the first milestone for the
GNS Specification. The objective is to provide a detailed and comprehensive
guide for implementors of the GNU Name System.
The initial milestone consists of documenting the cryptographic principles
of GNS data structures. This includes the specification of the GNS record
wire and serialization formats as well as internationalization.
NOTE: The currently specified protocol is planned to be implemented for
GNUnet 0.12. The current GNS implementation (0.11) exhibits minor but
compatibility breaking deviations from this specification.
The draft specification LSD001 can be found at:
The next milestone will bring the resolver logic specification.
This work is generously funded by NLnet as
part of their Search and discovery fund.
We are pleased to announce the release of GNUnet 0.11.6.
This is a bugfix release for 0.11.5, fixing a lot of
minor bugs, improving stability and code quality. Further, our videos are
back on the homepage.
In this release, we again improved the webpage in general and updated our
documentation.
As always:
In terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.6 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
gnunet-fuse was not released again, as there were no
changes and the 0.11.0 versions are expected to continue to work fine
with gnunet-0.11.6.
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Noteworthy changes in 0.11.6 (since 0.11.5)
-
gnunet-identity can now print private keys.
-
The REST service can be configured to echo the HTTP Origin header value
for Cross-Origin-Resource-Sharing (CORS) when it is called by a browser
plugin. Optionally, a CORS Origin to echo can be also be directly
configured.
-
re:claimID tickets are now re-used whenever possible.
-
SUID binary detection mechanisms implemented to improve compatiblity with
some distributions.
-
TRANSPORT, TESTBED and CADET tests now pass again on macOS.
-
CADET: Replaced enum GNUNET_CADET_ChannelOption with GNUNET_MQ_PriorityPreferences in preparation of API changed in the future.
-
The GNS proxy Certification Authority is now generated using gnutls-certtool,
if available, with opennssl/certtool as fallback.
-
Documentation, comments and code quality was improved.
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
Martin Schanzenbach, Julius Bünger, ng0, Christian Grothoff, Alexia Pagkopoulou, rexxnor, xrs, lurchi and t3sserakt.
After some issues with our infrastructure we needed to replace our bootstrapping peer. To avoid problems when connecting to GNUnet the operator of a peer needs to update its node by removing the peer ID DSTJBRRKZ8TBW3FGK6B0M5QXWT9WYNZ45H5MCV4HY7ST64Q8T9F0 from the system. Here are two strategies to find copies of the respective file:
- $ locate DSTJBRRKZ8TBW3FGK6B0M5QXWT9WYNZ45H5MCV4HY7ST64Q8T9F0
- $ find / -name DSTJBRRKZ8TBW3FGK6B0M5QXWT9WYNZ45H5MCV4HY7ST64Q8T9F0
Update: DSTJ has now been blacklisted. Please update your GNUnet peer.
The members of the GNUnet community met again in the wonderful souroundings of St. Imier to hack on GNUnet. New people joined our sessions until late at night. From bug squashing to digging our own dog food, from workshops to theoretical discussions of new services and usecases. And of course, pizza was in the game.
We are pleased to announce the release of GNUnet 0.11.5.
This is a bugfix release for 0.11.4, mostly fixing a few
minor bugs and improving performance, in particular for
identity management with a large number of egos.
In the wake of this release, we also launched the
REST API documentation.
In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.5 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
gnunet-gtk saw some minor changes to adopt it to API changes in the main code
related to the identity improvements.
gnunet-fuse was not released again, as there were no
changes and the 0.11.0 version is expected to continue to work fine
with gnunet-0.11.5.
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Noteworthy changes in 0.11.5 (since 0.11.4)
-
gnunet-identity is much faster when creating or deleting
egos given a large number of existing egos.
-
GNS now supports CAA records.
-
Documentation, comments and code quality was improved.
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
Christian Grothoff, Florian Dold, Marcello Stanisci, ng0, Martin Schanzenbach and Bernd Fix.
We are pleased to announce the release of GNUnet 0.11.4.
This is a bugfix release for 0.11.3, mostly fixing a few
build issues. In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.4 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
(gnunet-gtk and gnunet-fuse were not released again, as there were no
changes and the 0.11.0 versions are expected to continue to work fine
with gnunet-0.11.4.)
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Noteworthy changes in 0.11.4 (since 0.11.3)
-
gnunet-arm -s no longer logs into the console by default and
instead into a logfile (in $GNUNET_HOME).
-
The reclaim subsystem is no longer experimental.
See also re:claimID.
Further, the internal encryption scheme moved from ABE to GNS-style
encryption.
-
GNUnet now depends on a more recent version of libmicrohttpd.
-
The REST API now includes read-only access to the configuration.
-
All manpages are now in mdoc format.
-
gnunet-download-manager.scm removed.
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
ng0, Christian Grothoff, Daniel Golle, Martin Schanzenbach and Julius Bünger.
We are pleased to announce the release of GNUnet 0.11.3.
This is a bugfix release for 0.11.2, mostly fixing a few
build issues. In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.3 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
(gnunet-gtk and gnunet-fuse were not released again, as there were no
changes and the 0.11.0 versions are expected to continue to work fine
with gnunet-0.11.3.)
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Note that GNUnet is now started using gnunet-arm -s. GNUnet should be
stopped using gnunet-arm -e.
Noteworthy changes in 0.11.3 (since 0.11.2)
-
gnunet-zoneimport now handles -h correctly
-
iptables and other similar binaries are no longer
hard-coded but detected at configure time (with hard-coded
fallback locations).
-
make uninstall now properly uninstalls all files
-
Passing the no longer available --with-nssdir
configuration option now results in a hard error.
-
GNUNET_memcmp() and GNUNET_is_zero() macros
introduced for improved type safety (but not yet used consistently).
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
ng0, Christian Grothoff, Daniel Golle, Martin Schanzenbach and Julius Bünger.
We are pleased to announce the release of GNUnet 0.11.2.
This is a bugfix release for 0.11.0, mostly fixing minor bugs,
improving documentation and fixing various build issues. In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.2 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
(gnunet-gtk and gnunet-fuse were not released again, as there were no
changes and the 0.11.0 versions are expected to continue to work fine
with gnunet-0.11.2.)
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Note that GNUnet is now started using gnunet-arm -s. GNUnet should be
stopped using gnunet-arm -e.
Noteworthy changes in 0.11.2
-
gnunet-qr was rewritten in C, removing our last dependency on Python 2.x
-
REST and GNS proxy configuration options for address binding were added
-
gnunet-publish by default no longer includes creation time
-
Unreliable message ordering logic in CADET was fixed
-
Various improvements to build system and documentation
The above is just the short list, our bugtracker lists
14 individual issues that were resolved since 0.11.0.
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
ng0, Christian Grothoff, Hartmut Goebel, Martin Schanzenbach, Devan Carpenter, Naomi Phillips and Julius Bünger.
We are pleased to announce the release of GNUnet 0.11.1.
This is a bugfix release for 0.11.0, mostly fixing minor bugs,
improving documentation and fixing various build issues. In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.1 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
(gnunet-gtk and gnunet-fuse were not released again, as there were no
changes and the 0.11.0 versions are expected to continue to work fine
with gnunet-0.11.1.)
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Note that GNUnet is now started using gnunet-arm -s. GNUnet should be
stopped using gnunet-arm -e.
Noteworthy changes in 0.11.1
-
gnunet-qr was rewritten in C, removing our last dependency on Python 2.x
-
REST and GNS proxy configuration options for address binding were added
-
gnunet-publish by default no longer includes creation time
-
Unreliable message ordering logic in CADET was fixed
-
Various improvements to build system and documentation
The above is just the short list, our bugtracker lists
14 individual issues that were resolved since 0.11.0.
Known Issues
-
There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
-
There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
-
There are known moderate design issues in FS that also impact
usability and performance.
-
There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
-
The RPS subsystem remains experimental.
-
Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 190 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
ng0, Christian Grothoff, Hartmut Goebel, Martin Schanzenbach, Devan Carpenter, Naomi Phillips and Julius Bünger.
We are pleased to announce the release of GNUnet 0.11.0.
This is a major release after about five years of development. In
terms of usability, users should be aware that there are still a large
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny (about 200 peers) and thus unlikely to
provide good anonymity or extensive amounts of interesting
information. As a result, the 0.11.0 release is still only suitable
for early adopters with some reasonable pain tolerance.
Download links
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/
Note that GNUnet is now started using gnunet-arm -s. GNUnet should be
stopped using gnunet-arm -e.
Noteworthy changes in 0.11.0
- The Web site and manuals have undergone significant rework. You can find an
archive of the old Web site at archive.org.
- The code now builds again on macOS. GNUnet on macOS is experimental.
While it builds and seems to run fine, some tests are known to fail.
- Build process now works properly with libidn2
- Except for gnunet-qr, all Python code was migrated to Python 3.7.
- Fixed security issues in secret sharing cryptography logic
- Services running out of file descriptors on accept() no longer busy wait
- Fixed crash in gnunet-gns2dns proxy
- GNS responses are now padded to minimize information disclosure from the size
- Fixed API issues and (rare) crash bugs in CADET
- The experimental SecuShare code is not included in the release, you can
now find it in the gnunet-secushare
Git repository.
- The Ascension tool (separate download) now allows importing DNS zones into GNS via AXFR.
- GNUnet now includes a decentralised identity attribute sharing service:
reclaimID. A ready-to-use client can be found in an
external repo.
- The code now builds again on NetBSD. GNUnet on NetBSD is experimental.
While it builds and seems to run fine, full support requires more
changes in the core of GNUnet
It will soon be available via pkgsrc.
- Many things changed on the build system side. If you package
GNUnet for an operating system or otherwise package manager,
make sure that you read the README.
The above is just the short list, our bugtracker lists
over 100 individual issues that were resolved since 0.11.0pre66.
Known Issues
- There are known major design issues in the TRANSPORT, ATS and CORE subsystems
which will need to be addressed in the future to achieve acceptable usability,
performance and security.
- There are known moderate implementation limitations in CADET that
negatively impact performance. Also CADET may unexpectedly deliver messages out-of-order.
- There are known moderate design issues in FS that also impact
usability and performance.
- There are minor implementation limitations in SET that create
unnecessary attack surface for availability.
- The RPS subsystem remains experimental.
- Some high-level tests in the test-suite fail non-deterministically due to
the low-level TRANSPORT issues.
In addition to this list, you may also want to consult our bug tracker
at bugs.gnunet.org which lists
about 150 more specific issues.
Thanks
This release was the work of many people. The following people
contributed code and were thus easily identified:
Christian Grothoff, Matthias Wachs, Bart Polot, Sree Harsha Totakura,
Nathan S. Evans, Martin Schanzenbach, Julius Bünger, ng0,
Philipp Tölke, Florian Dold, Руслан Ижбулатов, tg(x), David Barksdale,
Christian Fuchs, Nils Durner, Omar Tarabai, Maximilian Szengel, Supriti
Singh, lurchi, David Brodski, xrs, Fabian Oehlmann, Carlo von lynX,
Christophe Genevey Metat, Jeffrey Burdges, Safey A.Halim, Daniel Golle,
Phil, Bruno Cabral, Ji Lu, Heikki Lindholm, Markus Teich, t3sserakt,
Claudiu Olteanu, Marcello Stanisci, Moon, Hernani Marques, anryko, Arthur Dewarumez,
Julien Morvan, Adnan H, rexxnor, Lin Tong, Andreas Fuchs, Christian Rupp, jah,
Alejandra Morales, Bernd Fix, Feideus, Matthias Kolja Miehl, Andrew Cann, Antonio Ojea,
Pascal Mainini, amirouche and hark.
Special thanks to Florian Weimer.
GNUnet is participating in the Google Summer of Code
again through GNU. If you are interested in any of
these projects, reach out to us!
Android Port
It is time for GNUnet to run properly on Android. Note that
GNUnet is written in C, and this is not about rewriting
GNUnet in Java, but about getting the C code to run on Android.
Mentor: Hartmut Goebel
Help with Continuous Integration setup
There is a push for migrating our CI to Gitlab. The CI should
eventually not just run "make check" on various platforms, but also
perform tests with multiple peers running in different VMs with
specific network topologies (i.e. NAT) between them being simulated.
The CI should also be integrated with Gauger for performance
regression analysis. Running jobs only when dependencies have changed
and scripting more granular triggers or ideally automatic dependency
discovery (as done by the autotools) is also important.
Mentor: TBD
Migrate gnunet-qr from Python 2.7 to C using libzbar
Python 2.7 is reaching its end-of-life, and we want to get rid
of the dependency on Python. The existing gnunet-qr tool is a
rather simple wrapper around python-zbar, which itself wraps
libzbar. The goal of this project is to directly use libzbar
to scan QR codes for GNUnet / the GNU Name System (see
also #5562).
Mentor: Christian Grothoff
re:claimID OpenID Connect performance improvements
reclaimID is a decentralized identity system build on top of the GNU
Name System.
Upon authorization, the user provides a requesting party (RP) such as a website
with an authorization ticket (e.g. piggybacked in an OpenID authorization code).
The RP uses information contained in this ticket to
- Retrieve the decryption key from GNS
- Retrieve the user attributes from GNS
The GNS lookups ensure that the RP receives up-to-date attributes and functional
decryption keys. However, in particular the RP-specific encryption key
resolution can be slow and even fail depending on the network topology.
We propose that in an initial exchange, in particular OpenID authorization code
flows, we try to incorporate key and maybe even an attribute set in the ticket
exchange.
In order to mitigate this issue, this project is meant to investigate and implement how...
- ... decryption keys can be added to an initial exchange in OpenID.
- ... initial set(s) of attributes can be piggybacked in OpenID.
Mentor: Martin Schanzenbach
re:claimID alternative GNS-based encryption
re:claimID is a decentralized identity system build on top of the GNU
Name System.
The initial design and implementation of re:claimID includes an attribute-based
encryption module in order to prevent unauthorized access to attributes in the
name system.
Our motivation for re:claimID was for it to be name system agnostic, which
means the design theoretically also works for other name systems such as
namecoin.
Other name systems often do not have built-in mechanisms in order to do this.
Hence, we implemented an ABE access control layer. Our ABE implementation
requires two third party libraries: libpbc and libgabe. While we could merge
libgabe into the gnunet service implementation of re:claimID, libpbc is a
rather large, third party library which lacks packaging in distributions and
for platforms.
On the other hand, GNS supports record data encryption using symmetric keys as
labels.
If we make the access control layer of re:claimID more generic in order to
support both ABE and GNS encryption, we could reduce the required depenencies.
This would result in gnunet packages to include re:claimID by default.
In short, the goals are to...
- ... improve performance by reducing encryption overhead.
- ... reduce dependencies.
Mentor: Martin Schanzenbach
Enable all networking applications to run over GNUnet out of the box
One great problem of the current Internet is the lack of disintermediation. When people want to talk they need a chat service. When they want to share files they need a file transfer service. Although GNUnet already possesses quite advanced integration into Linux networking, a little extra work is needed for existing applications like irc, www, ftp, rsh, nntpd to run over it in a peer-to-peer way, simply by using a GNS hostname like friend.gnu. Once people have added a person to their GNS they can immediately message, exchange files and suchlike directly, with nothing but the GNUnet in the middle, using applications that have been distributed with unix systems ever since the 1980's. We can produce an OS distribution where these things work out of the box with the nicknames of people instead of cloud services. For more information and context, read bug id 4625.
Mentors: lynX & dvn
More news
