News

GNUnet 0.25.0 released

We are pleased to announce the release of GNUnet 0.25.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. Major versions may break protocol compatibility with the 0.24.X versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.24.X GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.25.0 release is still only suitable for early adopters with some reasonable pain tolerance.

Thanks to NLnet and NGI Zero Entrust, we were able to rework our CORE layer, which includes Peer Identity management and the hop-to-hop secure communication channel. As part of this work, we have created a technical specification of the new CORE Authenticated Key Exchange (CAKE) in LSD0012. CAKE replaces our previously undocumented handshake protocol, which had major cryptographic smells. CAKE borrows many concepts from DTLS 1.3, and the specification makes implementation and cryptographic review easier. This release also includes a specification of the new Peer Identity Lifecycle (PILS) in LSD0014. PILS aims at enhancing peer identity privacy by deriving peer identities from the current connectivity context (the addresses under which a peer is reachable).
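To make the PILS idea concrete (here and in the PILS entry under "Changes"): a peer identity derived from the connectivity context changes whenever the set of reachable addresses changes, so an observer cannot link the peer at one location to the same peer elsewhere. The following is an added illustration written for this announcement, not GNUnet's PILS implementation or the LSD0014 wire format: it keys a standard-library HKDF on a long-term master secret plus a canonicalised address set, and uses a hash of the derived seed as a stand-in for the public-key-based peer ID a real implementation would produce. The master secret, the salt and label strings, and the sample addresses are all constructed for the example.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256, built only on the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # HKDF-Extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def canonical_context(addresses) -> bytes:
    """Encode the connectivity context (the set of addresses a peer is reachable
    under) so that the same set always yields the same bytes: entries are
    de-duplicated, sorted, and length-prefixed to avoid ambiguous concatenation."""
    out = b""
    for addr in sorted(set(addresses)):
        enc = addr.encode("utf-8")
        out += len(enc).to_bytes(2, "big") + enc
    return out


def derive_peer_identity(master_secret: bytes, addresses):
    """Derive a context-bound (secret seed, peer ID) pair.

    The seed is HKDF(master_secret, context) under a fixed label for domain
    separation. The peer ID is a hash of the seed and merely stands in for the
    public key a real implementation would derive from it (hypothetical
    stand-in, not the PILS format)."""
    ctx = canonical_context(addresses)
    seed = hkdf_sha256(master_secret, salt=b"pils-demo-salt", info=b"peer-seed|" + ctx)
    peer_id = hashlib.sha256(b"peer-id|" + seed).hexdigest()
    return seed, peer_id


# Constructed sample data: one long-term master secret and two connectivity contexts.
MASTER = hashlib.sha256(b"constructed master secret, not a real key").digest()
HOME = ["tcp://192.0.2.10:2086", "udp://[2001:db8::10]:2086"]
CAFE = ["tcp://198.51.100.7:2086"]

if __name__ == "__main__":
    _, at_home = derive_peer_identity(MASTER, HOME)
    _, at_home_again = derive_peer_identity(MASTER, list(reversed(HOME)))
    _, at_cafe = derive_peer_identity(MASTER, CAFE)
    print("home :", at_home)
    print("home2:", at_home_again, "(same address set, different order)")
    print("cafe :", at_cafe)
    assert at_home == at_home_again and at_home != at_cafe
```

Two points the code makes that the prose does not: the context must be canonicalised (order-independent, length-prefixed) or the "same" location would yield different identities depending on address discovery order, and all derived identities hinge on one master secret, so that secret is the asset to protect; deriving a fresh public key from each seed (rather than hashing it, as this stand-in does) is what lets the identity also serve in the CORE handshake.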

Further, also thanks to NLnet and NGI Zero Entrust, we were able to improve the performance and functionality of our DNS to GNS zone transfer and mirroring tooling, which includes Ascension, a Python-based service that makes use of AXFR/IXFR zone transfers, and two new tools that allow zone migrations from DNS zone files as well as from plain domain names. See the documentation on DNS zone migration for details.

You may notice that this release does not include a new gnunet-gtk version. The current implementation of gnunet-gtk is still based on Gtk+3 and libglade, the latter being already deprecated and no longer packaged in some distributions. Hence maintenance of gnunet-gtk has increasingly become rather tedious. Since upgrading to Gtk+4 (or later) requires significant rewrites, it will likely be a completely new piece of software. Currently, we do not have the resources to do this, so we are retiring gnunet-gtk until further notice as of this release.

Download links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log, the NEWS and the bug tracker. Noteworthy highlights are

  • build: Removed remnants of autools. Fixes #9555.
  • CORE: A brand new secure channel that is established using a variant of KEMTLS using X25519+XChaCha20-Poly1305 and borrows a lot of the concepts of (D)TLS (RFC 8446, RFC 9147).
  • PILS: This service allows us to deterministically derive peer IDs depending on the current connection context. This means that peers will have a different Peer ID at home than they have when their user travels abroad, protecting the user's movements.
  • NAMESTORE: Significant performance improvements and bug fixes to the service and DNS zone import tooling as well as APIs.

Known Issues

  • There are known major issues with the TRANSPORT subsystem.
  • There may be some regressions in the new CORE subsystem.
  • There are known moderate implementation limitations in CADET that negatively impact performance.
  • There are known moderate design issues in FS that also impact usability and performance.
  • There are minor implementation limitations in SET that create unnecessary attack surface for availability.
  • The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, Florian Dold, TheJackiMonster, ch3, and Martin Schanzenbach.