You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-denis-dprive-dnscrypt.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -126,7 +126,7 @@ Definitions for client queries:
126
126
- `<client-sk>`: the client's secret key.
127
127
- `<resolver-pk>`: the resolver's public key.
128
128
- `<client-nonce>`: a unique query identifier for a given (`<client-sk>`, `<resolver-pk>`) tuple. Every newly encrypted DNSCrypt query for the same (`<client-sk>`, `<resolver-pk>`) tuple MUST use a distinct `<client-nonce>` value, even when the plaintext DNS query is being retried. Retransmitting the same already-encrypted DNSCrypt packet does not require changing its nonce. The length of `<client-nonce>` is determined by the chosen encryption algorithm.
129
-
- `AE`: the authenticated encryption function.
129
+
- `AE`: the authenticated encryption function. For the encryption systems defined in this document, it is the `XChaCha20_DJB-Poly1305` construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.
- `<shared-key>`: the shared key derived from `<resolver-pk>` and `<client-sk>`, using the key exchange algorithm defined in the chosen certificate.
132
132
- `<client-query>`: the unencrypted client query. The query is not modified; in particular, the query flags are not altered.
@@ -142,7 +142,7 @@ Definitions for server responses:
142
142
- `<client-pk>`: the client's public key.
143
143
- `<resolver-sk>`: the resolver's secret key.
144
144
- `<resolver-nonce>`: a unique response identifier for a given `(<client-pk>, <resolver-sk>)` tuple. The length of `<resolver-nonce>` depends on the chosen encryption algorithm.
145
-
- `AE`: the authenticated encryption function.
145
+
- `AE`: the authenticated encryption function. For the encryption systems defined in this document, it is the `XChaCha20_DJB-Poly1305` construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.
- `<es-version>`: the cryptographic construction to use with this certificate. For Box-XChaChaPoly, `<es-version>` MUST be `0x00 0x02`.
382
+
- `<es-version>`: the cryptographic construction to use with this certificate. For the `Box-XChaChaPoly` construction of Appendix 1, that is, the X25519 key exchange with the `XChaCha20_DJB-Poly1305` authenticated encryption algorithm, `<es-version>` MUST be `0x00 0x02`.
383
383
- `<protocol-minor-version>`: `0x00 0x00`
384
384
- `<signature>`: a 64-byte signature of `(<resolver-pk> <client-magic> <serial> <ts-start> <ts-end> <extensions>)` using the Ed25519 algorithm and the provider secret key. Ed25519 MUST be used in this version of the protocol.
385
385
- `<resolver-pk>`: the resolver short-term public key, which is 32 bytes when using X25519.
@@ -391,6 +391,8 @@ A successful response to a certificate request contains one or more `TXT` record
391
391
392
392
Certificates made of this information, without extensions, are 116 bytes long. With the addition of `<cert-magic>`, `<es-version>`, and `<protocol-minor-version>`, the record is 124 bytes long.
393
393
394
+
Within a `TXT` record, the certificate is carried in the record's RDATA, which is a sequence of length-prefixed character-strings {{!RFC1035}}. A client reconstructs the certificate by concatenating these character-strings in order, after removing the single length octet that precedes each one. A 124-byte classical certificate fits in a single character-string, whereas a larger certificate spans several character-strings that MUST be concatenated in this way before the certificate is parsed.
395
+
394
396
After receiving a set of certificates, the client checks their validity based on the current date, filters out the ones designed for encryption systems that are not supported by the client, and chooses the certificate with the higher serial number.
395
397
396
398
DNSCrypt queries sent by the client MUST use the `<client-magic>` header of the chosen certificate, as well as the specified encryption system and public key.
0 commit comments