Skip to content

Commit c18f24e

Browse files
author
ID Bot
committed
Script updating gh-pages from 26513ea. [ci skip]
1 parent db56435 commit c18f24e

2 files changed

Lines changed: 34 additions & 15 deletions

File tree

draft-denis-dprive-dnscrypt.html

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1508,7 +1508,7 @@ <h2 id="name-protocol-components">
15081508
<p id="section-4-3.6.1"><code>&lt;client-nonce&gt;</code>: a unique query identifier for a given (<code>&lt;client-sk&gt;</code>, <code>&lt;resolver-pk&gt;</code>) tuple. Every newly encrypted DNSCrypt query for the same (<code>&lt;client-sk&gt;</code>, <code>&lt;resolver-pk&gt;</code>) tuple <span class="bcp14">MUST</span> use a distinct <code>&lt;client-nonce&gt;</code> value, even when the plaintext DNS query is being retried. Retransmitting the same already-encrypted DNSCrypt packet does not require changing its nonce. The length of <code>&lt;client-nonce&gt;</code> is determined by the chosen encryption algorithm.<a href="#section-4-3.6.1" class="pilcrow"></a></p>
15091509
</li>
15101510
<li class="normal" id="section-4-3.7">
1511-
<p id="section-4-3.7.1"><code>AE</code>: the authenticated encryption function.<a href="#section-4-3.7.1" class="pilcrow"></a></p>
1511+
<p id="section-4-3.7.1"><code>AE</code>: the authenticated encryption function. For the encryption systems defined in this document, it is the <code>XChaCha20_DJB-Poly1305</code> construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.<a href="#section-4-3.7.1" class="pilcrow"></a></p>
15121512
</li>
15131513
<li class="normal" id="section-4-3.8">
15141514
<p id="section-4-3.8.1"><code>&lt;encrypted-query&gt;</code>: <code>AE(&lt;shared-key&gt; &lt;client-nonce&gt; &lt;client-nonce-pad&gt;, &lt;client-query&gt; &lt;client-query-pad&gt;)</code><a href="#section-4-3.8.1" class="pilcrow"></a></p>
@@ -1550,7 +1550,7 @@ <h2 id="name-protocol-components">
15501550
<p id="section-4-5.7.1"><code>&lt;resolver-nonce&gt;</code>: a unique response identifier for a given <code>(&lt;client-pk&gt;, &lt;resolver-sk&gt;)</code> tuple. The length of <code>&lt;resolver-nonce&gt;</code> depends on the chosen encryption algorithm.<a href="#section-4-5.7.1" class="pilcrow"></a></p>
15511551
</li>
15521552
<li class="normal" id="section-4-5.8">
1553-
<p id="section-4-5.8.1"><code>AE</code>: the authenticated encryption function.<a href="#section-4-5.8.1" class="pilcrow"></a></p>
1553+
<p id="section-4-5.8.1"><code>AE</code>: the authenticated encryption function. For the encryption systems defined in this document, it is the <code>XChaCha20_DJB-Poly1305</code> construction of Appendix 1, whose output is the 16-byte authentication tag followed by the ciphertext.<a href="#section-4-5.8.1" class="pilcrow"></a></p>
15541554
</li>
15551555
<li class="normal" id="section-4-5.9">
15561556
<p id="section-4-5.9.1"><code>&lt;encrypted-response&gt;</code>: <code>AE(&lt;shared-key&gt;, &lt;nonce&gt;, &lt;resolver-response&gt; &lt;resolver-response-pad&gt;)</code><a href="#section-4-5.9.1" class="pilcrow"></a></p>
@@ -1830,7 +1830,7 @@ <h3 id="name-certificates">
18301830
<p id="section-5.5-18.2.1"><code>&lt;cert-magic&gt;</code>: <code>0x44 0x4e 0x53 0x43</code><a href="#section-5.5-18.2.1" class="pilcrow"></a></p>
18311831
</li>
18321832
<li class="normal" id="section-5.5-18.3">
1833-
<p id="section-5.5-18.3.1"><code>&lt;es-version&gt;</code>: the cryptographic construction to use with this certificate. For Box-XChaChaPoly, <code>&lt;es-version&gt;</code> <span class="bcp14">MUST</span> be <code>0x00 0x02</code>.<a href="#section-5.5-18.3.1" class="pilcrow"></a></p>
1833+
<p id="section-5.5-18.3.1"><code>&lt;es-version&gt;</code>: the cryptographic construction to use with this certificate. For the <code>Box-XChaChaPoly</code> construction of Appendix 1, that is, the X25519 key exchange with the <code>XChaCha20_DJB-Poly1305</code> authenticated encryption algorithm, <code>&lt;es-version&gt;</code> <span class="bcp14">MUST</span> be <code>0x00 0x02</code>.<a href="#section-5.5-18.3.1" class="pilcrow"></a></p>
18341834
</li>
18351835
<li class="normal" id="section-5.5-18.4">
18361836
<p id="section-5.5-18.4.1"><code>&lt;protocol-minor-version&gt;</code>: <code>0x00 0x00</code><a href="#section-5.5-18.4.1" class="pilcrow"></a></p>
@@ -1858,21 +1858,22 @@ <h3 id="name-certificates">
18581858
</li>
18591859
</ul>
18601860
<p id="section-5.5-19">Certificates made of this information, without extensions, are 116 bytes long. With the addition of <code>&lt;cert-magic&gt;</code>, <code>&lt;es-version&gt;</code>, and <code>&lt;protocol-minor-version&gt;</code>, the record is 124 bytes long.<a href="#section-5.5-19" class="pilcrow"></a></p>
1861-
<p id="section-5.5-20">After receiving a set of certificates, the client checks their validity based on the current date, filters out the ones designed for encryption systems that are not supported by the client, and chooses the certificate with the higher serial number.<a href="#section-5.5-20" class="pilcrow"></a></p>
1862-
<p id="section-5.5-21">DNSCrypt queries sent by the client <span class="bcp14">MUST</span> use the <code>&lt;client-magic&gt;</code> header of the chosen certificate, as well as the specified encryption system and public key.<a href="#section-5.5-21" class="pilcrow"></a></p>
1863-
<p id="section-5.5-22">The client <span class="bcp14">MUST</span> check for new certificates every hour and switch to a new certificate if:<a href="#section-5.5-22" class="pilcrow"></a></p>
1861+
<p id="section-5.5-20">Within a <code>TXT</code> record, the certificate is carried in the record's RDATA, which is a sequence of length-prefixed character-strings <span>[<a href="#RFC1035" class="cite xref">RFC1035</a>]</span>. A client reconstructs the certificate by concatenating these character-strings in order, after removing the single length octet that precedes each one. A 124-byte classical certificate fits in a single character-string, whereas a larger certificate spans several character-strings that <span class="bcp14">MUST</span> be concatenated in this way before the certificate is parsed.<a href="#section-5.5-20" class="pilcrow"></a></p>
1862+
<p id="section-5.5-21">After receiving a set of certificates, the client checks their validity based on the current date, filters out the ones designed for encryption systems that are not supported by the client, and chooses the certificate with the higher serial number.<a href="#section-5.5-21" class="pilcrow"></a></p>
1863+
<p id="section-5.5-22">DNSCrypt queries sent by the client <span class="bcp14">MUST</span> use the <code>&lt;client-magic&gt;</code> header of the chosen certificate, as well as the specified encryption system and public key.<a href="#section-5.5-22" class="pilcrow"></a></p>
1864+
<p id="section-5.5-23">The client <span class="bcp14">MUST</span> check for new certificates every hour and switch to a new certificate if:<a href="#section-5.5-23" class="pilcrow"></a></p>
18641865
<ul class="normal">
1865-
<li class="normal" id="section-5.5-23.1">
1866-
<p id="section-5.5-23.1.1">The current certificate is not present or not valid anymore,<a href="#section-5.5-23.1.1" class="pilcrow"></a></p>
1866+
<li class="normal" id="section-5.5-24.1">
1867+
<p id="section-5.5-24.1.1">The current certificate is not present or not valid anymore,<a href="#section-5.5-24.1.1" class="pilcrow"></a></p>
18671868
</li>
18681869
</ul>
1869-
<p id="section-5.5-24">or<a href="#section-5.5-24" class="pilcrow"></a></p>
1870+
<p id="section-5.5-25">or<a href="#section-5.5-25" class="pilcrow"></a></p>
18701871
<ul class="normal">
1871-
<li class="normal" id="section-5.5-25.1">
1872-
<p id="section-5.5-25.1.1">A certificate with a higher serial number than the current one is available.<a href="#section-5.5-25.1.1" class="pilcrow"></a></p>
1872+
<li class="normal" id="section-5.5-26.1">
1873+
<p id="section-5.5-26.1.1">A certificate with a higher serial number than the current one is available.<a href="#section-5.5-26.1.1" class="pilcrow"></a></p>
18731874
</li>
18741875
</ul>
1875-
<p id="section-5.5-26">The certificate management system ensures that cryptographic keys remain fresh and that clients can smoothly transition to updated certificates. With the core protocol mechanics now established, we can examine implementation considerations.<a href="#section-5.5-26" class="pilcrow"></a></p>
1876+
<p id="section-5.5-27">The certificate management system ensures that cryptographic keys remain fresh and that clients can smoothly transition to updated certificates. With the core protocol mechanics now established, we can examine implementation considerations.<a href="#section-5.5-27" class="pilcrow"></a></p>
18761877
</section>
18771878
</div>
18781879
</section>

draft-denis-dprive-dnscrypt.txt

Lines changed: 21 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -276,7 +276,10 @@ Table of Contents
276276
of <client-nonce> is determined by the chosen encryption
277277
algorithm.
278278

279-
* AE: the authenticated encryption function.
279+
* AE: the authenticated encryption function. For the encryption
280+
systems defined in this document, it is the XChaCha20_DJB-Poly1305
281+
construction of Appendix 1, whose output is the 16-byte
282+
authentication tag followed by the ciphertext.
280283

281284
* <encrypted-query>: AE(<shared-key> <client-nonce> <client-nonce-
282285
pad>, <client-query> <client-query-pad>)
@@ -313,7 +316,10 @@ Table of Contents
313316
(<client-pk>, <resolver-sk>) tuple. The length of <resolver-
314317
nonce> depends on the chosen encryption algorithm.
315318

316-
* AE: the authenticated encryption function.
319+
* AE: the authenticated encryption function. For the encryption
320+
systems defined in this document, it is the XChaCha20_DJB-Poly1305
321+
construction of Appendix 1, whose output is the 16-byte
322+
authentication tag followed by the ciphertext.
317323

318324
* <encrypted-response>: AE(<shared-key>, <nonce>, <resolver-
319325
response> <resolver-response-pad>)
@@ -689,7 +695,10 @@ Table of Contents
689695
* <cert-magic>: 0x44 0x4e 0x53 0x43
690696

691697
* <es-version>: the cryptographic construction to use with this
692-
certificate. For Box-XChaChaPoly, <es-version> MUST be 0x00 0x02.
698+
certificate. For the Box-XChaChaPoly construction of Appendix 1,
699+
that is, the X25519 key exchange with the XChaCha20_DJB-Poly1305
700+
authenticated encryption algorithm, <es-version> MUST be 0x00
701+
0x02.
693702

694703
* <protocol-minor-version>: 0x00 0x00
695704

@@ -728,6 +737,15 @@ Table of Contents
728737
bytes long. With the addition of <cert-magic>, <es-version>, and
729738
<protocol-minor-version>, the record is 124 bytes long.
730739

740+
Within a TXT record, the certificate is carried in the record's
741+
RDATA, which is a sequence of length-prefixed character-strings
742+
[RFC1035]. A client reconstructs the certificate by concatenating
743+
these character-strings in order, after removing the single length
744+
octet that precedes each one. A 124-byte classical certificate fits
745+
in a single character-string, whereas a larger certificate spans
746+
several character-strings that MUST be concatenated in this way
747+
before the certificate is parsed.
748+
731749
After receiving a set of certificates, the client checks their
732750
validity based on the current date, filters out the ones designed for
733751
encryption systems that are not supported by the client, and chooses

0 commit comments

Comments
 (0)