You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<pid="section-4-3.6.1"><code><client-nonce></code>: a unique query identifier for a given (<code><client-sk></code>, <code><resolver-pk></code>) tuple. Every newly encrypted DNSCrypt query for the same (<code><client-sk></code>, <code><resolver-pk></code>) tuple <spanclass="bcp14">MUST</span> use a distinct <code><client-nonce></code> value, even when the plaintext DNS query is being retried. Retransmitting the same already-encrypted DNSCrypt packet does not require changing its nonce. The length of <code><client-nonce></code> is determined by the chosen encryption algorithm.<ahref="#section-4-3.6.1" class="pilcrow">¶</a></p>
1509
1509
</li>
1510
1510
<liclass="normal" id="section-4-3.7">
1511
-
<pid="section-4-3.7.1"><code>AE</code>: the authenticated encryption function.<ahref="#section-4-3.7.1" class="pilcrow">¶</a></p>
1511
+
<pid="section-4-3.7.1"><code>AE</code>: the authenticated encryption function. For the encryption systems defined in this document, it is the <code>XChaCha20_DJB-Poly1305</code> construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.<ahref="#section-4-3.7.1" class="pilcrow">¶</a></p>
<pid="section-4-5.7.1"><code><resolver-nonce></code>: a unique response identifier for a given <code>(<client-pk>, <resolver-sk>)</code> tuple. The length of <code><resolver-nonce></code> depends on the chosen encryption algorithm.<ahref="#section-4-5.7.1" class="pilcrow">¶</a></p>
1551
1551
</li>
1552
1552
<liclass="normal" id="section-4-5.8">
1553
-
<pid="section-4-5.8.1"><code>AE</code>: the authenticated encryption function.<ahref="#section-4-5.8.1" class="pilcrow">¶</a></p>
1553
+
<pid="section-4-5.8.1"><code>AE</code>: the authenticated encryption function. For the encryption systems defined in this document, it is the <code>XChaCha20_DJB-Poly1305</code> construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.<ahref="#section-4-5.8.1" class="pilcrow">¶</a></p>
<pid="section-5.5-18.3.1"><code><es-version></code>: the cryptographic construction to use with this certificate. For Box-XChaChaPoly, <code><es-version></code><spanclass="bcp14">MUST</span> be <code>0x00 0x02</code>.<ahref="#section-5.5-18.3.1" class="pilcrow">¶</a></p>
1833
+
<pid="section-5.5-18.3.1"><code><es-version></code>: the cryptographic construction to use with this certificate. For the <code>Box-XChaChaPoly</code> construction of Appendix 1, that is, the X25519 key exchange with the <code>XChaCha20_DJB-Poly1305</code> authenticated encryption algorithm, <code><es-version></code><spanclass="bcp14">MUST</span> be <code>0x00 0x02</code>.<ahref="#section-5.5-18.3.1" class="pilcrow">¶</a></p>
<pid="section-5.5-19">Certificates made of this information, without extensions, are 116 bytes long. With the addition of <code><cert-magic></code>, <code><es-version></code>, and <code><protocol-minor-version></code>, the record is 124 bytes long.<ahref="#section-5.5-19" class="pilcrow">¶</a></p>
1861
-
<pid="section-5.5-20">After receiving a set of certificates, the client checks their validity based on the current date, filters out the ones designed for encryption systems that are not supported by the client, and chooses the certificate with the higher serial number.<ahref="#section-5.5-20" class="pilcrow">¶</a></p>
1862
-
<pid="section-5.5-21">DNSCrypt queries sent by the client <spanclass="bcp14">MUST</span> use the <code><client-magic></code> header of the chosen certificate, as well as the specified encryption system and public key.<ahref="#section-5.5-21" class="pilcrow">¶</a></p>
1863
-
<pid="section-5.5-22">The client <spanclass="bcp14">MUST</span> check for new certificates every hour and switch to a new certificate if:<ahref="#section-5.5-22" class="pilcrow">¶</a></p>
1861
+
<pid="section-5.5-20">Within a <code>TXT</code> record, the certificate is carried in the record's RDATA, which is a sequence of length-prefixed character-strings <span>[<ahref="#RFC1035" class="cite xref">RFC1035</a>]</span>. A client reconstructs the certificate by concatenating these character-strings in order, after removing the single length octet that precedes each one. A 124-byte classical certificate fits in a single character-string, whereas a larger certificate spans several character-strings that <spanclass="bcp14">MUST</span> be concatenated in this way before the certificate is parsed.<ahref="#section-5.5-20" class="pilcrow">¶</a></p>
1862
+
<pid="section-5.5-21">After receiving a set of certificates, the client checks their validity based on the current date, filters out the ones designed for encryption systems that are not supported by the client, and chooses the certificate with the higher serial number.<ahref="#section-5.5-21" class="pilcrow">¶</a></p>
1863
+
<pid="section-5.5-22">DNSCrypt queries sent by the client <spanclass="bcp14">MUST</span> use the <code><client-magic></code> header of the chosen certificate, as well as the specified encryption system and public key.<ahref="#section-5.5-22" class="pilcrow">¶</a></p>
1864
+
<pid="section-5.5-23">The client <spanclass="bcp14">MUST</span> check for new certificates every hour and switch to a new certificate if:<ahref="#section-5.5-23" class="pilcrow">¶</a></p>
1864
1865
<ulclass="normal">
1865
-
<liclass="normal" id="section-5.5-23.1">
1866
-
<pid="section-5.5-23.1.1">The current certificate is not present or not valid anymore,<ahref="#section-5.5-23.1.1" class="pilcrow">¶</a></p>
1866
+
<liclass="normal" id="section-5.5-24.1">
1867
+
<pid="section-5.5-24.1.1">The current certificate is not present or not valid anymore,<ahref="#section-5.5-24.1.1" class="pilcrow">¶</a></p>
<pid="section-5.5-25.1.1">A certificate with a higher serial number than the current one is available.<ahref="#section-5.5-25.1.1" class="pilcrow">¶</a></p>
1872
+
<liclass="normal" id="section-5.5-26.1">
1873
+
<pid="section-5.5-26.1.1">A certificate with a higher serial number than the current one is available.<ahref="#section-5.5-26.1.1" class="pilcrow">¶</a></p>
1873
1874
</li>
1874
1875
</ul>
1875
-
<pid="section-5.5-26">The certificate management system ensures that cryptographic keys remain fresh and that clients can smoothly transition to updated certificates. With the core protocol mechanics now established, we can examine implementation considerations.<ahref="#section-5.5-26" class="pilcrow">¶</a></p>
1876
+
<pid="section-5.5-27">The certificate management system ensures that cryptographic keys remain fresh and that clients can smoothly transition to updated certificates. With the core protocol mechanics now established, we can examine implementation considerations.<ahref="#section-5.5-27" class="pilcrow">¶</a></p>
0 commit comments