Christian Grothoff <[email protected]> writes:

> On 03/14/2014 12:08 AM, Ludovic Courtès wrote:
>> Christian Grothoff <[email protected]> writes:
>>
>>> Ludo, would you please consider moving to the GNU Name System?
>>
>> Guix uses the SPKI-like infrastructure for purposes unrelated to the
>> project at hand (to sign/authenticate archives.)
>
> Yes, so what?  My point is that once you move to ECDSA/Curve25519
> to sign/authenticate archives, you will have better crypto and
> open the door for a potentially tight integration with GNS.

Sure, but we also want this sort of basic functionality to be available
even when Guix is used without GNUnet support.  So we can’t just get rid
of it.

>> However, it probably makes sense to rely more on GNS in whatever will be
>> developed as part of this GSoC.
>>
>>> GNS is based on SDSI/SPKI (delegation certificates!), and has many
>>> other advantages (not to mention uses Curve25519 instead of RSA).
>>> GNUnet's identity management is based on Curve25519 ECDSA signatures,
>>> and we are using libgcrypt for those.
>>
>> Guix uses libgcrypt too, essentially manipulating canonical sexps.  So
>> it could be that integration would be fairly simple?
>
> GNUnet doesn't use sexps in the wire format as it is both verbose and
> not really the canonical way to represent Curve25519 points (for that,
> there is a nice, compact 32-byte binary encoding).  But of course the
> conversion is trivial and we do that in libgnunetutil in various
> places.
>
> So sexps is really not the issue, the use of RSA vs. Curve25519 is
> more what I am concerned about.

Guix is not tied to any particular public key crypto algorithm.
Currently we typically use RSA keys, as you note, but we could just as
well tell libgcrypt to use something else, no?

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use(guix pk-crypto)
scheme@(guile-user)> (generate-key (string->canonical-sexp "(genkey (ecc (curve Ed25519)(flags transient-key)))"))
$6 = #<canonical-sexp 18b3ae0 | 7f1c4bc35030>
scheme@(guile-user)> (canonical-sexp->string $6)
$7 = "(key-data \n (public-key \n (ecc \n (curve Ed25519)\n (q #23D88D433C8350EE110814B9E0B352C42687898B2DDC1A8025016A64049E9118#)\n )\n )\n (private-key \n (ecc \n (curve Ed25519)\n (q #23D88D433C8350EE110814B9E0B352C42687898B2DDC1A8025016A64049E9118#)\n (d #47DF363B3B9A07D98700F1EF4914034C66D6750CA55604EBCE1F37F062E73278#)\n )\n )\n )\n"
--8<---------------cut here---------------end--------------->8---

Thanks,
Ludo’.
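
The conversion discussed in the thread above, from a libgcrypt sexp to the raw 32 bytes of an Ed25519 q, as an added Python example that is not part of the original message and is not Guix or GNUnet code. The function names are hypothetical, the sample is the public half of the key printed in the REPL session, and the parser assumes the sexp contains only bare tokens and #hex# data; it does not check that the byte order matches GNUnet's wire encoding.

```python
import re

# Public half of the key printed in the REPL session above.
SAMPLE = """(public-key
 (ecc
  (curve Ed25519)
  (q #23D88D433C8350EE110814B9E0B352C42687898B2DDC1A8025016A64049E9118#)))"""

TOKEN = re.compile(r"\(|\)|#[0-9A-Fa-f\s]*#|[^\s()#]+")

def parse_sexp(text):
    """Parse libgcrypt 'advanced' sexp text into nested lists; #HEX# becomes bytes."""
    tokens = TOKEN.findall(text)
    def read(i):
        if i >= len(tokens) or tokens[i] != "(":
            raise ValueError("expected '('")
        items, i = [], i + 1
        while i < len(tokens) and tokens[i] != ")":
            if tokens[i] == "(":
                sub, i = read(i)
                items.append(sub)
            else:
                tok = tokens[i]
                items.append(bytes.fromhex(tok.strip("#")) if tok[0] == "#" else tok)
                i += 1
        if i >= len(tokens):
            raise ValueError("unbalanced parentheses")
        return items, i + 1
    tree, end = read(0)
    if end != len(tokens):
        raise ValueError("trailing data after sexp")
    return tree

def find(tree, name):
    """Depth-first search for the first list whose head is `name`."""
    if isinstance(tree, list):
        if tree and tree[0] == name:
            return tree
        for child in tree[1:]:
            hit = find(child, name)
            if hit is not None:
                return hit
    return None

def ed25519_public_point(text):
    """Return the 32 raw bytes of q, reading only inside (public-key ...)."""
    pub = find(parse_sexp(text), "public-key")
    if pub is None or find(pub, "curve") != ["curve", "Ed25519"]:
        raise ValueError("not an Ed25519 public key")
    q = find(pub, "q")
    if q is None or len(q) != 2 or not isinstance(q[1], bytes) or len(q[1]) != 32:
        raise ValueError("q must be exactly 32 bytes")
    return q[1]
```

Because the lookup is scoped to the (public-key ...) subtree, a full key-data sexp can be passed in without the private d value ever being read into the result.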
