GNUnet is a mesh routing layer for end-to-end encrypted networking and a framework for distributed applications designed to replace the old insecure Internet protocol stack.
In other words, GNUnet provides a strong foundation of free software for a global, distributed network that provides security and privacy. Along with an application for secure publication of files, it has grown to include all kinds of basic applications for the foundation of a GNU internet.
Friday, February 19, 2010 - 22:34 Christian Grothoff
Today the microfork of curl, gnurl, has been released in version 7.52.1 following the release of curl. This fixes CVE-2016-9594 present only in the previous version of cURL (and therefore gnurl).
Friday, December 23, 2016 - 11:02 ng0
Today the microfork of curl, gnurl, has been released in version 7.52.0 following the release of curl.
Wednesday, December 21, 2016 - 16:19 ng0
We are happy to announce our annual GNUnet e.V. meeting at 33C3. All members of GNUnet e.V. are cordially invited.
The meeting starts at 2016/12/28 12:30 at Hall A.1.
More information is available on:
Information about the venue can be found on:
Looking forward to seeing you all!
Friday, December 16, 2016 - 09:44 Matthias Wachs
At 33c3 the GNUnet & pEp assembly will host a "YBTI/We Fix the Net" session with a series of talks on developing secure alternatives to current internet protocols. We might hold an organized discussion or panel as well.
More details will be posted here closer to the congress. For now, please contact us at email@example.com if you would like to present your work or wish to organize a panel or other activity.
We will maintain the schedule in the 33c3 wiki at
DNS can resolve an IP address to a name. This is sometimes called "reverse lookup". In fact, it is a "normal" resolution of a PTR record. The name of such a record would be, for example, 220.127.116.11.in-addr.arpa. The .arpa TLD is managed by IANA.
This blogpost is meant to spread ideas that have been exchanged via private email and might be interesting for a broader audience. If you feel like you have useful comments, don't hesitate to share them.
Reverse resolution is a useful feature to enhance readability of service descriptors.
Examples where reverse lookups are useful include:
Received an email from bob@ABCD.zkey or pubkey authentication by ABCD.zkey to my service.
In GNS, reverse resolution is currently not supported and even if it was, there are some obstacles that need to be managed.
Reverse lookups in GNS
GNS names (.gnu TLD) are resolved relative to the user's local root zone. GNS reverse lookups are limited to PKEYs. For example, Alice wants to know who ABCD.zkey is and how her root namespace relates to that identity.
A simple example reverse lookup would be:
$ gnunet-gns -R ABCD.zkey
This tells Alice that ABCD.zkey is actually "dave", who is known by Alice's friend "bob".
However, the actual lookup of this delegation is non-trivial in GNS as bob can choose any name for dave's PKEY. This name is unknown to Alice.
A straightforward approach for a lookup would be the following:
Why does resolution stop at 5.? Because if Alice cannot find a delegation to ABCD in one of her known and delegated PKEYs there is no way for her to enumerate all records in those namespaces (by design, GNS leverages this for query privacy and record confidentiality).
This method is characterized by two properties:
Advanced reverse lookups in GNS
In some discussions with Christian we have established a few approaches that can improve reverse resolution.
If namespaces contained special records under the "+" label that point back to other namespaces delegating to them, it would allow us to implement an algorithm to look up the delegation "backwards", i.e. starting from the zone in question (ABCD):
This approach requires the addition and management of REVERSE records. As this cannot be expected of the user, it must be done by GNS automatically. For example, GNS might periodically check if any namespaces delegated to from the root zone also contain a delegation back to our root zone (e.g. by checking if alice.bob.gnu can be resolved to Alice's root zone). Those namespaces are added in a REVERSE record.
REVERSE and FORWARD records
We could also support some kind of directed search from both ends:
Now, if we want to find out who ABCD.zkey is, we start from both ends:
Each of the iterations results in an exponential increase in the working sets, so we should stop at some maximum number of records inspected with "not found".
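The following is an added sketch, not GNUnet code and not part of the original post, of the two-ended search over REVERSE and FORWARD records with a cap on the number of records inspected. The in-memory tables, the zone keys and the `(delegating zone, label)` shape of a REVERSE record are assumptions made for illustration; a back-pointer is only used once the delegating zone is seen to hold the matching delegation.

```python
from collections import deque

# Constructed toy zones (assumed model, not GNUnet data structures).
# FORWARD[zone] = {label: delegated zone}, taken to be publicly listed.
# REVERSE[zone] = [(delegating zone, label)], as claimed by the delegated zone.
FORWARD = {
    "ALICE": {"bob": "BOBK", "carol": "CARK"},
    "BOBK": {"dave": "ABCD", "alice": "ALICE"},
    "CARK": {"erin": "ERIN"},
}
REVERSE = {
    "BOBK": [("ALICE", "bob")],
    "ABCD": [("BOBK", "dave")],
    "FAKE": [("ALICE", "bank")],  # claim with no matching delegation in ALICE
}


def reverse_lookup(root, target, max_records=64):
    """Name of `target` relative to `root` (e.g. 'dave.bob.gnu'), or None when
    no chain is found within `max_records` inspected records."""
    down = {root: []}    # zone -> labels leading from root down to that zone
    up = {target: []}    # zone -> labels leading from that zone down to target
    fwd, bwd = deque([root]), deque([target])
    inspected = 0

    def name():
        meet = next((z for z in up if z in down), None)
        if meet is None:
            return None
        return ".".join((down[meet] + up[meet])[::-1] + ["gnu"])

    while name() is None and (fwd or bwd):
        if inspected >= max_records:
            return None                      # budget exhausted: "not found"
        if fwd:                              # one step down from the root side
            zone = fwd.popleft()
            for label, child in FORWARD.get(zone, {}).items():
                inspected += 1
                if child not in down:
                    down[child] = down[zone] + [label]
                    fwd.append(child)
        if bwd:                              # one step up from the target side
            zone = bwd.popleft()
            for parent, label in REVERSE.get(zone, []):
                inspected += 1
                # Use a back-pointer only if the parent really delegates here.
                if FORWARD.get(parent, {}).get(label) == zone and parent not in up:
                    up[parent] = [label] + up[zone]
                    bwd.append(parent)
    return name()
```
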
Global delegation DB
We could add a way to distribute the public delegations: something simple like running a combination of gossip (new public record) and the existing GNUnet SET union protocol (new neighbour) between peers should allow us to easily replicate the entire public DB globally. Reverse lookup is then trivial (a local DB operation), at least as long as all public links can be globally replicated. This might be combined with some modest proof-of-work to keep people from spamming the network.
This might also require us to redefine record visibility to:
In summer 2015 I started to package GNUnet for Gentoo as contributor to the youbroketheinternet-overlay.
This short post is to announce that, among other packages, you can now build and install GNUnet (and gnunet-gtk, gnurl) on Gentoo as easily as:
Sunday, October 2, 2016 - 23:16 ng0
GHM 2016 is over. However, thanks to Alain Crenn's excellent recording work, you can find the recorded talks here.
(We also made them available to audio-video of GNU, but they have not yet posted them for some reason.)
Tuesday, September 6, 2016 - 19:40 Christian Grothoff