Hi Martin,

On 03/13, Schanzenbach, Martin wrote:
> > On 13. Mar 2020, at 18:32, Tanguy Le Carrour <tan...@bioneland.org> wrote:
> > On 03/10, Tanguy Le Carrour wrote:
> >> On 03/09, Christian Grothoff wrote:
> >>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
> >>> the use of Letsencrypt and really directly verifying via GNS.
> >> I'll try this and let you know, thanks!
> > So, I did my homework, used a generator [1][] and ended up with this:
> > ```
> > _443._tcp.gnunet.org. IN TLSA 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> > ```
> > [1]: https://www.huque.com/bin/gen_tlsa
> > So I now have:
> > ```
> > $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> > $ gnunet-gns --type ANY --lookup gnunet.myself
> > gnunet.myself:
> > Got `TLSA' record: 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> > Got `LEHO' record: gnunet.org
> > Got `A' record: 131.159.74.67
> > ```
> > I didn't know where to put the `_443._tcp` part. `gnunet-namestore`
> > complained about the name containing a `.`.
> > There's something in the doc [2][] about `_port._proto.`, but it's for
> > BOX records only.
>
> Indeed, instead of a TLSA record, for GNS, you should add a box record that
> contains a TLSA record. Like so:
> $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> 6 is the protocol (tcp), 443 is the service (https).

Unfortunately…

```
$ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
Value `6 443 3 1 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939' invalid for record type `BOX'
$ gnunet-namestore --version
gnunet-namestore v0.12.2 release
```

From the code [1][], I could not guess what the correct format should be.

[1]: src/gnsrecord/plugin_gnsrecord_dns.c:656
     src/include/gnunet_gnsrecord_lib.h:297

> Still I wonder why you actually need that...

As Christian said, this might not be the cause of the problem, but it's part
of the investigation.

Anyway, thanks for your time!

-- 
Tanguy
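Added example, not part of the original thread: what a `3 1 1` TLSA value like the one quoted above encodes per RFC 6698 (usage 3 = DANE-EE, selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256), computed locally from a DER certificate so a web generator's output can be cross-checked. The function names and the sample certificate skeleton are constructed for illustration; no GNUnet API is used.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def extract_spki(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    pos = 0
    for name in ("Certificate", "tbsCertificate"):   # descend into two nested SEQUENCEs
        tag, pos, _ = read_tlv(cert_der, pos)
        if tag != 0x30:
            raise ValueError(name + " is not a SEQUENCE")
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                       # optional [0] version (absent in v1 certificates)
        pos = after
    for _ in range(5):                    # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]              # selector 1 hashes the whole SPKI, header included

def tlsa_3_1_1(cert_der):
    """TLSA rdata text for usage 3, selector 1, matching type 1."""
    return "3 1 1 " + hashlib.sha256(extract_spki(cert_der)).hexdigest()

def der(tag, body):                       # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed skeleton, not a real certificate: empty names, dummy 32-byte key.
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, b"\x2b\x65\x70")) + der(0x03, b"\x00" + bytes(range(32))))
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + der(0x30, b"") + der(0x03, b"\x00"))

if __name__ == "__main__":
    print(tlsa_3_1_1(SAMPLE_CERT))
```

For a real PEM certificate, convert it first with the standard library's `ssl.PEM_cert_to_DER_cert()` and pass the resulting bytes to `tlsa_3_1_1()`.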