LSD0001: GNU Name System

commit 1c7195b13b6288ada1fb982d9817945aacb707b4
parent 57045d2b7c095481650048c19bf9e194463f7983
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Fri, 25 Feb 2022 19:50:47 +0100

fix supplemental records with ZDs and redirs

Diffstat:
M draft-schanzen-gns.xml | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -938,7 +938,10 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] A zone delegation record payload contains the public key of the zone to delegate to. A zone delegation record <bcp14>MUST</bcp14> have the CRTITICAL flag set - and <bcp14>MUST</bcp14> be the only record under a label. + and <bcp14>MUST</bcp14> be the only non-supplemental record under a label. + There <bcp14>MAY</bcp14> be inactive records of the same type which have + the SHADOW flag set in order to facilitate smooth key rollovers. + flag set No other records are allowed. </t> <section anchor="gnsrecords_pkey" numbered="true" toc="default"> @@ -1404,7 +1407,11 @@ S-Decrypt(zk,label,expiration,ciphertext): <name>REDIRECT</name> <t> A REDIRECT record is the GNS equivalent of a CNAME record in DNS. - A REDIRECT record <bcp14>MUST</bcp14> be the only record under a label. + A REDIRECT record <bcp14>MUST</bcp14> be the only non-supplemental + record under a label. + There <bcp14>MAY</bcp14> be inactive records of the same type which have + the SHADOW flag set in order to facilitate smooth changes of redirection + targets. No other records are allowed. Details on processing of this record is defined in <xref target="redirect_processing"/>. 
@@ -1443,7 +1450,10 @@ S-Decrypt(zk,label,expiration,ciphertext): There <bcp14>MAY</bcp14> be multiple GNS2DNS records under a label. There <bcp14>MAY</bcp14> also be DNSSEC DS records or any other records used to secure the connection with the DNS servers under the same label. - No other record types are allowed in the same record set. + There <bcp14>MAY</bcp14> be inactive records of the same type(s) which have + the SHADOW flag set in order to facilitate smooth changes of redirection + targets. + No other non-supplemental record types are allowed in the same record set. A GNS2DNS DATA entry is illustrated in <xref target="figure_gns2dnsrecord"/>.</t> <figure anchor="figure_gns2dnsrecord" title="The GNS2DNS DATA Wire Format."> <artwork name="" type="" align="left" alt=""><![CDATA[
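
Review bot: In the REDIRECT hunk (@@ -1404,7 +1407,11 @@), the unchanged sentence "No other records are allowed." directly follows the added text and contradicts it, since supplemental records and inactive SHADOW records are now permitted under the label. Suggest aligning it with the GNS2DNS hunk, for example "No other non-supplemental records are allowed.", so an implementer reading only this paragraph knows whether a record set that carries a supplemental record is to be rejected. The following context sentence "Details on processing of this record is defined" should read "are defined".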
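
Review bot: In the GNS2DNS hunk (@@ -1443,7 +1450,10 @@), the rationale "smooth changes of redirection targets" repeats the wording of the REDIRECT hunk, but this paragraph is about GNS2DNS records and the DNS servers they refer to; suggest wording that names what is actually being changed here. "Records of the same type(s)" is also ambiguous, because the preceding sentence permits an open set ("any other records used to secure the connection with the DNS servers"); stating which record types may carry the SHADOW flag in this record set would make the closing "No other non-supplemental record types are allowed" rule checkable by an implementation.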