LSD0001: GNU Name System

commit 2b4e6b51aaae192e278db279b5d7cbae6585c2ff
parent 97419af29dda19821b36115777b06ac349f3063c
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date:   Sat,  5 Oct 2019 12:36:36 +0200

more resolution

Diffstat:
M draft-schanzen-gns.html | 35 ++++++++++++++++++++++++++++++++++-
M draft-schanzen-gns.txt  | 138 ++++++++++++++++++++++++++++++++++++++++----------------------------------------
M draft-schanzen-gns.xml  | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 137 insertions(+), 70 deletions(-)

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html 
@@ -1959,7 +1959,40 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le <section id="section-6.2"> <h3 id="name-recursive-resolution"> <a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-recursive-resolution" class="section-name selfRef">Recursive Resolution</a> - </h3> + </h3> +<p id="section-6.2-1"> + In order to resolve a name in GNS, a type MAY be given. + However, filtering of record results according to type is done after + the resource record set is retrieved.<a href="#section-6.2-1" class="pilcrow">¶</a></p> +<p id="section-6.2-2"> + In each step of the recursive name resolution, there is an + authoritative zone zk and a name to resolve which may be empty. + Initially, the authoritative zone is the entry zone. If the name + is empty, it is interpreted as the apex label "@".<a href="#section-6.2-2" class="pilcrow">¶</a></p> +<ol start="1" type="1" class="normal" id="section-6.2-3"> + <li id="section-6.2-3.1">Extract the right-most label from the name to look up.<a href="#section-6.2-3.1" class="pilcrow">¶</a> +</li> + <li id="section-6.2-3.2">Calculate q using the label and zk.<a href="#section-6.2-3.2" class="pilcrow">¶</a> +</li> + <li id="section-6.2-3.3">Perform a DHT query GET(q) to retrieve the record set.<a href="#section-6.2-3.3" class="pilcrow">¶</a> +</li> + <li id="section-6.2-3.4">Decrypt and verify the record set.<a href="#section-6.2-3.4" class="pilcrow">¶</a> +</li> + </ol> +<p id="section-6.2-4"> + If the remainder of the name to resolve is not empty, the records + result MUST consist of a single PKEY record. 
The recursion is then + continued with the PKEY record value as new authoritative zone.<a href="#section-6.2-4" class="pilcrow">¶</a></p> +<p id="section-6.2-5"> + If the remainder of the name to resolve is empty but we have received + a record set containing only a single PKEY record, the recursion is + continued with the PKEY as authoritative zone and the empty apex + label "@" as remaining name. If the record type to be resolved is + PKEY, the PKEY record set is returned and the resolution is concluded.<a href="#section-6.2-5" class="pilcrow">¶</a></p> +<p id="section-6.2-6"> + If the remainder of the name to resolve is empty and the records set + does not consist of a PKEY record, the record set is the result and + the resolution is concluded.<a href="#section-6.2-6" class="pilcrow">¶</a></p> </section> </div> </section> diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt @@ -77,11 +77,11 @@ Table of Contents 6.1. Entry Zone . . . . . . . . . . . . . . . . . . . . . . . 14 6.2. Recursive Resolution . . . . . . . . . . . . . . . . . . 15 7. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 15 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 - 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 - 10. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 15 - 11. Normative References . . . . . . . . . . . . . . . . . . . . 17 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 + 10. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 16 + 11. Normative References . . . . . . . . . . . . . . . . . . . . 18 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction 
@@ -797,10 +797,51 @@ Internet-Draft The GNU Name System July 2019 6.2. Recursive Resolution + In order to resolve a name in GNS, a type MAY be given. However, + filtering of record results according to type is done after the + resource record set is retrieved. + + In each step of the recursive name resolution, there is an + authoritative zone zk and a name to resolve which may be empty. + Initially, the authoritative zone is the entry zone. If the name is + empty, it is interpreted as the apex label "@". + + 1. Extract the right-most label from the name to look up. + + 2. Calculate q using the label and zk. + + 3. Perform a DHT query GET(q) to retrieve the record set. + + 4. Decrypt and verify the record set. + + If the remainder of the name to resolve is not empty, the records + result MUST consist of a single PKEY record. The recursion is then + continued with the PKEY record value as new authoritative zone. + + If the remainder of the name to resolve is empty but we have received + a record set containing only a single PKEY record, the recursion is + continued with the PKEY as authoritative zone and the empty apex + label "@" as remaining name. If the record type to be resolved is + PKEY, the PKEY record set is returned and the resolution is + concluded. + + If the remainder of the name to resolve is empty and the records set + does not consist of a PKEY record, the record set is the result and + the resolution is concluded. + 7. Namespace Revocation TODO + + + + +Schanzenbach, et al. Expires 24 January 2020 [Page 15] + +Internet-Draft The GNU Name System July 2019 + + 8. Security Considerations TODO @@ -834,14 +875,6 @@ Internet-Draft The GNU Name System July 2019 5e7c80b1416f8ca6 dc50ce8e1fb759b9 fedcdcf546c17e9b - - - -Schanzenbach, et al. Expires 24 January 2020 [Page 15] - -Internet-Draft The GNU Name System July 2019 - - 4c4f23632855c053 6668e9f684f4dc33 6d656b27392b0fee 
@@ -857,6 +890,14 @@ Internet-Draft The GNU Name System July 2019 f4e29a3310767e3b 8b38bc1b276ce2ba 9bf1b49df1e120a3 + + + +Schanzenbach, et al. Expires 24 January 2020 [Page 16] + +Internet-Draft The GNU Name System July 2019 + + 20ecc9dffb68416f 11729ad878ad3bdf d0b4db2626b620d7 @@ -890,14 +931,6 @@ Internet-Draft The GNU Name System July 2019 6578616d706c6503 example | 3 636f6d0000000000 com | \0 | Followed by 0000000000000000 24 bytes of padding to 2^6 - - - -Schanzenbach, et al. Expires 24 January 2020 [Page 16] - -Internet-Draft The GNU Name System July 2019 - - 0000000000000000 00000000 @@ -913,6 +946,14 @@ Internet-Draft The GNU Name System July 2019 10df4f39f5ba9f46____________ 8cb514a56c0eaae0 zk_h 56745158a63ee4dd + + + +Schanzenbach, et al. Expires 24 January 2020 [Page 17] + +Internet-Draft The GNU Name System July 2019 + + 76853cb9545e326e 76d7fa920f818291____________ 000000540000000f SIZE (=84) | PURPOSE (=15) @@ -946,14 +987,6 @@ Internet-Draft The GNU Name System July 2019 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, <https://www.rfc-editor.org/info/rfc3629>. - - - -Schanzenbach, et al. Expires 24 January 2020 [Page 17] - -Internet-Draft The GNU Name System July 2019 - - [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, @@ -970,6 +1003,13 @@ Internet-Draft The GNU Name System July 2019 RFC 5890, DOI 10.17487/RFC5890, August 2010, <https://www.rfc-editor.org/info/rfc5890>. + + +Schanzenbach, et al. Expires 24 January 2020 [Page 18] + +Internet-Draft The GNU Name System July 2019 + + [RFC6895] Eastlake 3rd, D., "Domain Name System (DNS) IANA Considerations", BCP 42, RFC 6895, DOI 10.17487/RFC6895, April 2013, <https://www.rfc-editor.org/info/rfc6895>. 
@@ -1002,14 +1042,6 @@ Authors' Addresses Email: schanzen@gnunet.org - - - -Schanzenbach, et al. Expires 24 January 2020 [Page 18] - -Internet-Draft The GNU Name System July 2019 - - Christian Grothoff Berner Fachhochschule Hoeheweg 80 @@ -1029,36 +1061,4 @@ Internet-Draft The GNU Name System July 2019 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Schanzenbach, et al. Expires 24 January 2020 [Page 19] diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml 
@@ -810,6 +810,40 @@ </section> <section anchor="recursion" numbered="true" toc="default"> <name>Recursive Resolution</name> + <t> + In order to resolve a name in GNS, a type MAY be given. + However, filtering of record results according to type is done after + the resource record set is retrieved. + </t> + <t> + In each step of the recursive name resolution, there is an + authoritative zone zk and a name to resolve which may be empty. + Initially, the authoritative zone is the entry zone. If the name + is empty, it is interpreted as the apex label "@". + </t> + <ol> + <li>Extract the right-most label from the name to look up.</li> + <li>Calculate q using the label and zk.</li> + <li>Perform a DHT query GET(q) to retrieve the record set.</li> + <li>Decrypt and verify the record set.</li> + </ol> + <t> + If the remainder of the name to resolve is not empty, the records + result MUST consist of a single PKEY record. The recursion is then + continued with the PKEY record value as new authoritative zone. + </t> + <t> + If the remainder of the name to resolve is empty but we have received + a record set containing only a single PKEY record, the recursion is + continued with the PKEY as authoritative zone and the empty apex + label "@" as remaining name. If the record type to be resolved is + PKEY, the PKEY record set is returned and the resolution is concluded. + </t> + <t> + If the remainder of the name to resolve is empty and the records set + does not consist of a PKEY record, the record set is the result and + the resolution is concluded. + </t> </section> </section>
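Review bot: In the draft-schanzen-gns.html hunk, paragraphs section-6.2-4 and section-6.2-6 say "the records result" and "the records set", while steps 3 and 4 and section-6.2-5 say "record set". Pick one term ("record set") so a reader does not take these for different objects; the fix belongs in the XML source, with the HTML and text regenerated from it. The hunk also replaces "</h3>" with "</h3>" differing only in whitespace, which is generator noise and could be left out of the commit.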
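Review bot: In draft-schanzen-gns.txt only the hunk at @@ -797,10 +797,51 @@ carries new text; the table of contents hunk and every hunk from @@ -834,14 +875,6 @@ to @@ -1029,36 +1061,4 @@ only move "Schanzenbach, et al. ... [Page N]" footers, "Internet-Draft" headers and blank lines because the new section pushed the pagination down by one page. That accounts for most of the 138 changed lines in the diffstat and hides the one substantive hunk. Consider regenerating the .txt and .html in a separate commit, or building them from the XML instead of tracking them, so that a review of the specification text is a review of draft-schanzen-gns.xml alone.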
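Review bot: In the draft-schanzen-gns.xml hunk, the fifth <t> (remainder empty, single PKEY record) gives no termination condition and states its exception after the rule. As written, a resolver continues "with the PKEY as authoritative zone and the empty apex label "@" as remaining name", and if that zone's "@" record set is again a single PKEY record the same paragraph applies again, so a chain or cycle of such delegations never concludes. Suggest a normative bound on the number of recursion steps, and moving "If the record type to be resolved is PKEY, ... the resolution is concluded" ahead of the sentence that continues the recursion, so an implementer reading top to bottom checks the requested type first. The phrase "the empty apex label "@"" also conflicts with the second <t>, where an empty name is interpreted as "@"; "the apex label "@"" would be consistent. Separately, steps 3 and 4 of the <ol> and the "MUST consist of a single PKEY record" paragraph do not say what the resolver does when GET(q) returns nothing, when decryption or verification fails, or when labels remain and the set is not a single PKEY record. These are the cases a resolver must not paper over, so state that resolution fails and no records are returned. Step 2, "Calculate q using the label and zk", should reference the section that defines q.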