Dear all,
We are pleased to announce the release of GNUnet 0.10.0. This release
represents a major overhaul of the cryptographic primitives used by the
system. GNUnet used RSA 2048 since its inception in 2001, but as of
GNUnet 0.10.0, we are "powered by Curve25519". Naturally, changing
cryptographic primitives like this breaks backwards compatibility
entirely. We have used this opportunity to implement protocol
improvements all over the system. In terms of usability, users should be
aware that (1) compiling GNUnet requires recent versions of libraries
that were only released in December 2013 and are thus unlikely to be
available in common distributions, (2) the nascent network is tiny and
thus unlikely to provide good anonymity or extensive amounts of
interesting information, and (3) that we had limited time to test the
new code, especially in a real-world deployment. As a result, this
release is only suitable for early adopters with some reasonable pain
tolerance.
About GNUnet
============
GNUnet is a framework for secure peer-to-peer networking. GNUnet's
primary design goals are to protect the privacy of its users and to
guard itself against attacks or abuse. At this point, GNUnet offers four
primary applications on top of the framework:
The file-sharing service allows anonymous censorship-resistant
file-sharing. Files, searches and search results are encrypted to make
it hard to control, track or censor users. GNUnet's anonymity protocol
(gap) is designed to make it difficult to link users to their
file-sharing activities. Users can also individually trade-off between
performance and anonymity. Despite providing anonymity, GNUnet's
excess-based economy rewards contributing users with better performance.
The VPN service allows offering of services within GNUnet (using the
.gnu TLD) and can be used to tunnel IPv4 and IPv6 traffic over the P2P
network. The VPN can also be used for IP protocol translation (6-to-4,
4-to-6) and it is possible to tunnel IP traffic over GNUnet (6-over-4,
4-over-6). Note that at this stage, it is possible for peers to
determine the IP address at which services are hosted, so the VPN does
not offer anonymity.
The GNU Name System (GNS) provides a fully-decentralized and censorship
resistant replacement for DNS. GNS can be used alongside DNS and can be
integrated with legacy applications (such as traditional browsers) with
moderate effort. GNS provides censorship-resistance, memorable names and
cryptographic integrity protection for the records. Note that at this
stage, it is possible for a strong adversary to determine which peer is
responsible for a particular zone, GNS does not offer strong anonymity.
However, GNS offers query privacy, that is other participants can
typically not decrypt queries or replies.
GNUnet Conversation allows voice calls to be made over GNUnet. Users are
identified using GNS and voice data is encrypted. However, GNUnet
Conversation does not provide anonymity at this stage --- other peers
may observe a connection between the two endpoints and it is possible to
determine the IP address associated with a phone.
Other applications are still under development.
Key features of GNUnet include:
Works on GNU/Linux, FreeBSD, OS X and W32
P2P communication over TCP, UDP, HTTP (IPv4 or IPv6), HTTPS, WLAN or
Bluetooth
Communication can be restricted to friends (F2F mode)
Includes a general-purpose, secure distributed hash table
NAT traversal using UPnP, ICMP or manual hole-punching (possibly in
combination with DynDNS)
Small memory footprint (specifics depend on the configuration)
For developers, GNUnet offers:
Access to all subsystems via clean C APIs
Mostly written in C, but extensions possible in other languages
Multi-process architecture for fault-isolation between components
Use of event loop and processes instead of threads for ease of
development
Extensive logging and statistics facilities
Integrated testing library for automatic deployment of large-scale
experiments with tens of thousands of peers
Noteworthy improvements in 0.10.0
=================================
Improved documentation, including an extensive developer handbook
and a new post-installation tutorial with first-steps for users
New application: GNUnet Conversation
New combined multi-process GUI gnunet-gtk
New tool to create GNS Business Cards gnunet-bcd
New tool to import GNS QR codes gnunet-qr
Use of EdDSA and ECDHE instead of RSA for peer's public key cryptography
CORE connections now use perfect forward secrecy with 12h rotation
intervals
Use of ECDSA for GNU Name System and identity management
Unified identity management for GNS and File-sharing
KSK and SKS queries in file-sharing are now indistinguishable
Peers in F2F mode can use "do not gossip" flag to hide their
existence from non-friends entirely
End-to-end encrypted mesh tunnels
Flow- and congestion-control for mesh tunnels
Improved key revocation scheme for the GNU Name System
Improved query privacy for the GNU Name System
Improved name shortening for the GNU Name System
Improved handling of shadow records for the GNU Name System
The above is just the short list, our bugtracker lists over 350
individual issues that were resolved. It also contains a list of known
open issues that might be useful to consult.
Known Issues
We have a few issues that were reported by developers in the last week
that were most likely not resolved in the final release. Users should be
aware of these issues, which we hope to address shortly.
NAT traversal does not work as well as it should (feature), explicit
hole punching and specification of the external IP in the configuration
is advised
Timestamps in log files do not respect winter time (#3236)
When the HTTP(S) transport plugins are enabled, peers sometimes fail
to connect at all (#3238)
Rarely, the TCP transport plugin may cause a crash (#3232)
Bandwidth allocation among the neighbors of a peer seems to be
sometimes rather unfair (#3237)
Crashes in gnunet-fs-gtk (#3240) and the MESH service (#3239) were
reported but could not yet be reproduced
In addition to this list, you may also want to consult our bug tracker at
https://gnunet.org/bugs/.
Availability
============
The GNUnet 0.10.0 source code is available from all GNU FTP mirrors. The
GTK frontends (which includes the gnunet-setup tool) are a separate
download.
All known releases
https://gnunet.org/current-downloads
GNUnet on a FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on an FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on an FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-fuse-0.10.0.tar.gz
GNUnet on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-fuse-0.10.0.tar.gz
Note that GNUnet is now started using "gnunet-arm -s". GNUnet should be
stopped using "gnunet-arm -e".
Thanks
======
This release was the work of many people. The following people
contributed code and were thus easily identified: Alejandra Morales,
Andreas Fuchs, Bart Polot, Bruno Cabral, Christian Fuchs, Christian
Grothoff, Claudiu Olteanu, David Barksdale, Fabian Oehlmann, Florian
Dold, Gabor X Toth, LRN, Martin Schanzenbach, Matthias Wachs, Maximilian
Szengel, Nils Durner, Simon Dieterle, Sree Harsha Totakura, Stephan A.
Posselt, and Werner Koch. Additionally, we thank Sébastien Moratinos,
Diana del Burgo, and gillux for their work on the website.
Further Information
===================
GNUnet Homepage
https://gnunet.org/
GNUnet Installation Handbook
https://gnunet.org/installation-handbook
GNUnet Forum
https://gnunet.org/forum
GNUnet Bug tracker
https://gnunet.org/bugs/
IRC
irc://irc.freenode.net/#gnunet
Thank you for your attention.
Happy hacking!
Christian
_______________________________________________
GNU Announcement mailing list <info-gnu@gnu.org>
https://lists.gnu.org/mailman/listinfo/info-gnu
