LSD0001: GNU Name System

commit 2f1742300c110a92e643395fed5137451f17b11f
parent a03ea534b0a3d6fcfa7014c6e5c34b506e171902
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Fri, 18 Nov 2022 19:04:59 +0900

add .alt registry and change examples

Diffstat:
M draft-schanzen-gns.xml | 157 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 119 insertions(+), 38 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -26,6 +26,7 @@ <!ENTITY RFC8032 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8032.xml"> <!ENTITY RFC8126 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml"> <!ENTITY RFC8174 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> +<!ENTITY RFC8244 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8244.xml"> <!ENTITY RFC8324 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8324.xml"> <!ENTITY RFC8499 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8499.xml"> <!ENTITY RFC9106 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9106.xml"> @@ -228,7 +229,10 @@ <xref target="Unicode-UTS46"/>. A GNS name may be indistinguishable from a DNS name and care must be taken by applications and implementors when handling GNS names - (see <xref target="namespace_ambiguity"/>). + (see <xref target="namespace_ambiguity"/>). In the spirit of + <xref target="draft-ietf-dnsop-alt-tld"/>, this draft uses the suffix + ".gns.alt" in examples and reserves it in the GANA ".alt Subdomains" + registry <xref target="GANA"/>. </dd> <dt>Resolver</dt> <dd> @@ -358,7 +362,7 @@ example.000G006K2TJNMD9VTCYRX7BRVV3HAEPS15E6NHDXKPJA1KAJJEG9AFF884 globally unique name above but it is only valid locally: </t> <sourcecode> -example.pet +example.gns.alt </sourcecode> <t> The delegation of petnames and subsequent resolution of delegation 
@@ -561,7 +565,7 @@ example.pet be defined in the future which replace or update the default ztypes defined in this document. All ztypes <bcp14>MUST</bcp14> be registered as dedicated zone delegation - record types in the GNU Name System Record Types registry (see <xref target="GANA"/>). + record types in the GANA "GNS Record Types" registry (see <xref target="GANA"/>). When defining new record types the cryptographic security considerations of this document apply, in particular <xref target="security_cryptography"/>. </t> @@ -1030,7 +1034,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] This section defines the initial set of zone delegation record types. Any implementation <bcp14>SHOULD</bcp14> support all zone types defined here and <bcp14>MAY</bcp14> support any number of additional delegation records defined in - the GNU Name System Record Types registry (see <xref target="GANA"/>). + the GANA "GNS Record Types" registry (see <xref target="GANA"/>). Not supporting some zone types will result in resolution failures in case the respective zone type is encountered. This is be a valid choice if some zone delegation record types have been @@ -2132,14 +2136,14 @@ Example name: www.example.<zTLD> The following is a non-normative example mapping of start zones: </t> <artwork name="" type="" align="left" alt=""><![CDATA[ -Example name: www.example.org +Example name: example.xyz.gns.alt Local suffix mappings: -org = zTLD0 := Base32GNS(ztype0||zk0) -example.org = zTLD1 := Base32GNS(ztype1||zk1) -example.com = zTLD2 := Base32GNS(ztype2||zk2) +xyz.gns.alt = zTLD0 := Base32GNS(ztype0||zk0) +example.xyz.gns.alt = zTLD1 := Base32GNS(ztype1||zk1) +example.com.gns.alt = zTLD2 := Base32GNS(ztype2||zk2) ... => Start zone: zk1 -=> Name to resolve from start zone: www +=> Name to resolve from start zone: @ ]]></artwork> <t> The process given above <bcp14>MAY</bcp14> be supplemented with other mechanisms if 
@@ -2415,7 +2419,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) authoritative zone. Consider the following example: </t> <artwork name="" type="" align="left" alt=""><![CDATA[ -Query: alice.example (type=A) +Query: alice.example.gns.alt (type=A) Result: A: 192.0.2.1 NICK: eve (non-Supplemental) @@ -2423,22 +2427,22 @@ NICK: eve (non-Supplemental) <t> In this example, the returned NICK record is non-supplemental. For the application, this means that the NICK belongs to the zone - "alice.example" and is published under the apex label along with an A + "alice.example.gns.alt" and is published under the apex label along with an A record. The NICK record is interpreted as: The zone defined by - "alice.example" wants to be referred to as "eve". + "alice.example.gns.alt" wants to be referred to as "eve". In contrast, consider the following: </t> <artwork name="" type="" align="left" alt=""><![CDATA[ -Query: alice.example (type=AAAA) +Query: alice.example.gns.alt (type=AAAA) Result: AAAA: 2001:DB8::1 NICK: john (Supplemental) ]]></artwork> <t> In this case, the NICK record is marked as supplemental. This means that - the NICK record belongs to the zone "example" and is published under the + the NICK record belongs to the zone "example.gns.alt" and is published under the label "alice" along with an A record. The NICK record should be - interpreted as: The zone defined by "example" wants to be referred to as + interpreted as: The zone defined by "example.gns.alt" wants to be referred to as "john". This distinction is likely useful for other records published as supplemental. </t> 
@@ -2788,7 +2792,7 @@ NICK: john (Supplemental) For applications, it is then ambiguous which name system should be used in order to resolve a given name. This poses a risk when trying to resolve a name through DNS when - it is actually a GNS name. + it is actually a GNS name as discussed in <xref target="RFC8244"/>. In such a case, the GNS name is likely to be leaked as part of the DNS resolution. </t> 
@@ -2817,22 +2821,41 @@ NICK: john (Supplemental) </t> <t> The user or system administrator <bcp14>MAY</bcp14> configure one or - more unique suffixes for all suffix-to-zone mappings. - If this suffix is a special-use domain name for GNS or an unreserved - DNS TLD, this prevents namespace ambiguity through local configuration. + more unique suffixes for all suffix-to-zone mappings in the spirit + of <xref target="draft-ietf-dnsop-alt-tld"/>. + For this purpose, this draft creates a registry for subdomains under + the special-use top-level domain ".alt" <xref target="draft-ietf-dnsop-alt-tld"/> + in <xref target="gana"/>, and within it registers the subdomain ".gns.alt" for use with GNS in particular. + The use of the suffix ".gns.alt" is recommended in order to address + the issues raised in <xref target="RFC8244"/>. </t> </section> </section> <section anchor="gana" numbered="true" toc="default"> <name>GANA Considerations</name> <t> + GANA has assigned signature purposes in its + "GNUnet Signature Purpose" registry as listed in + <xref target="figure_purposenums"/>. + </t> + <figure anchor="figure_purposenums" title="Requested Changes in the GANA GNUnet Signature Purpose Registry."> + <artwork name="" type="" align="left" alt=""><![CDATA[ +Purpose | Name | References | Comment +--------+-----------------+------------+-------------------------- + 3 | GNS_REVOCATION | [This.I-D] | GNS zone key revocation + 15 | GNS_RECORD_SIGN | [This.I-D] | GNS record set signature + ]]></artwork> + </figure> + <section anchor="gana_gnsrr"> + <name>GNS Record Types Registry</name> + <t> GANA <xref target="GANA" /> - manages the "GNU Name System Record Types" registry. + manages the "GNS Record Types" registry. Each entry has the following format: </t> <ul> <li>Name: The name of the record type (case-insensitive ASCII - string, restricted to alphanumeric characters. For zone delegation + string, restricted to alphanumeric characters). 
For zone delegation records, the assigned number represents the ztype value of the zone.</li> <li>Number: 32-bit, above 65535</li> <li>Comment: Optionally, a brief English text describing the purpose of 
@@ -2877,29 +2900,75 @@ NICK: john (Supplemental) <artwork name="" type="" align="left" alt=""><![CDATA[ Number | Name | Contact | References | Comment -------+---------+---------+------------+------------------------- -65536 | PKEY | N/A | [This.I-D] | GNS zone delegation (PKEY) -65537 | NICK | N/A | [This.I-D] | GNS zone nickname -65538 | LEHO | N/A | [This.I-D] | GNS legacy hostname -65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS -65541 | BOX | N/A | [This.I-D] | Boxed records -65551 | REDIRECT| N/A | [This.I-D] | Redirection record. -65556 | EDKEY | N/A | [This.I-D] | GNS zone delegation (EDKEY) +65536 | PKEY | (*) | [This.I-D] | GNS zone delegation (PKEY) +65537 | NICK | (*) | [This.I-D] | GNS zone nickname +65538 | LEHO | (*) | [This.I-D] | GNS legacy hostname +65540 | GNS2DNS | (*) | [This.I-D] | Delegation to DNS +65541 | BOX | (*) | [This.I-D] | Boxed records +65551 | REDIRECT| (*) | [This.I-D] | Redirection record. +65556 | EDKEY | (*) | [This.I-D] | GNS zone delegation (EDKEY) + +(*): gns-registry@gnunet.org ]]></artwork> </figure> + </section> + <section anchor="gana_alt"> + <name>.alt Subdomains Registry</name> <t> - GANA has assigned signature purposes in its - "GNUnet Signature Purpose" registry as listed in - <xref target="figure_purposenums"/>. + GANA <xref target="GANA" /> + manages the ".alt Subdomains" registry. + Each entry has the following format: </t> - <figure anchor="figure_purposenums" title="Requested Changes in the GANA GNUnet Signature Purpose Registry."> + <ul> + <li>Name: The name of the subdomain (in UTF-8).</li> + <li>Comment: Optionally, a brief English text describing the purpose of + the subdomain (in UTF-8)</li> + <li>Contact: Optionally, the contact information of a person to contact for + further information.</li> + <li>References: Optionally, references describing the record type + (such as an RFC).</li> + </ul> + <t> + The registration policy for this registry is "First Come First + Served". 
This policy is modeled on that described in <xref target="RFC8126"/>, + and describes the actions taken by GANA: + </t> + <t> + <!-- FIXME: Unclear who are the experts how are they selected and + by whom? GNUnet e.V. Politbüro? The DAO? + Unreserved/Reserved for private use record type range? --> + Adding new records is possible after expert review, using a + first-come-first-served policy for unique name allocation. + Experts are responsible to ensure that the chosen "Subdomain" is + appropriate for the purpose. + </t> + <t> + The current contact(s) for expert review are reachable at + gns-registry@gnunet.org. + </t> + <t> + Any request <bcp14>MUST</bcp14> contain a unique subdomain and a point of contact. + The contact information <bcp14>MAY</bcp14> be added to the registry given the consent + of the requester. + The request <bcp14>MAY</bcp14> optionally also contain relevant references as well + as a descriptive comment as defined above. + </t> + <t> + GANA has assigned subdomain defined in this + specification in the ".alt subdomains" registry + as listed in <xref target="figure_altsubdomains"/>. + </t> + <figure anchor="figure_altsubdomains" title="The GANA .alt Subdomains Registry."> <artwork name="" type="" align="left" alt=""><![CDATA[ -Purpose | Name | References | Comment ---------+-----------------+------------+-------------------------- - 3 | GNS_REVOCATION | [This.I-D] | GNS zone key revocation - 15 | GNS_RECORD_SIGN | [This.I-D] | GNS record set signature +Subdomain | Contact | References | Comment +----------+---------+------------+---------------------------- +gns | (*) | [This.I-D] | The .alt subdomain for GNS. + +(*): gns-registry@gnunet.org ]]></artwork> </figure> </section> + </section> <!-- gana --> <section> <name>IANA Considerations</name> 
@@ -3014,10 +3083,11 @@ Purpose | Name | References | Comment </abstract> </front> </reference>--> - <reference anchor="CrockfordB32" target="https://www.crockford.com/base32.html"> + <!-- FIXME replace with RFC --> + <reference anchor="CrockfordB32" target="https://www.crockford.com/base32.html"> <front> <title>Base32</title> - <author initials="D." surname="Douglas" fullname="Crockford"> + <author initials="D." surname="Douglas" fullname="Douglas Crockford"> </author> <date year="2019" month="March"/> @@ -3076,8 +3146,19 @@ Purpose | Name | References | Comment &RFC8324; &RFC8806; &RFC6761; + &RFC8244; <!-- &RFC3912;--> + <reference anchor="draft-ietf-dnsop-alt-tld" target="https://datatracker.ietf.org/doc/draft-ietf-dnsop-alt-tld/"> + <front> + <title>The ALT Special Use Top Level Domain </title> + <author initials="W." surname="Kumari" fullname="Warren Kumari"> + </author> + <author initials="P." surname="Hoffman" fullname="Paul Hoffman"> + </author> + <date year="2019" month="March"/> + </front> + </reference> <reference anchor="Tor224" target="https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n2135"> <front>
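
Review bot: in the @@ -2132,14 +2136,14 @@ hunk the example name "example.xyz.gns.alt" is now identical to the longest suffix mapping, so the result is "Name to resolve from start zone: @" and the example no longer shows how labels left of the matched suffix are carried into resolution. The change is consistent as written, but an example name such as "www.example.xyz.gns.alt" would keep both the longest-match selection of zTLD1 over zTLD0 and a non-empty remainder ("www") in one example.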
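
Review bot: in the @@ -2415,7 +2419,7 @@ hunk the second example queries type=AAAA and returns "AAAA: 2001:DB8::1", but the explanatory paragraph that this hunk touches still says the NICK record is published under the label "alice" along with an A record. Since the lines around it are being edited anyway, change that to "along with an AAAA record" so the prose matches the artwork.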
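
Review bot: in the @@ -2817,22 +2821,41 @@ hunk the sentence 'The use of the suffix ".gns.alt" is recommended' uses lowercase "recommended" directly after a sentence built on <bcp14>MAY</bcp14>, so readers cannot tell whether this is normative. If the suffix is meant as the mitigation for GNS names leaking into DNS resolution (the RFC8244 concern cited in the same paragraph), mark it <bcp14>RECOMMENDED</bcp14>; otherwise reword it so it does not read as a requirement keyword. The same paragraph cites <xref target="gana"/> (the section) while other hunks cite <xref target="GANA"/> (the reference); anchors that differ only in case are easy to confuse, so consider renaming the section anchor. The moved figure is still titled "Requested Changes in the GANA GNUnet Signature Purpose Registry." while the text above it says GANA "has assigned" the purposes; align the two.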
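
Review bot: in the new ".alt Subdomains Registry" section of the @@ -2877,29 +2900,75 @@ hunk, the text names the registration policy "First Come First Served" and then requires that additions happen "after expert review"; RFC8126 treats these as distinct policies, so the section should either pick one or state explicitly how the two combine. The copied FIXME about who the experts are and how they are selected should be resolved as well, since this registry decides who gets a name under ".alt". Several phrases are carried over from the record types registry and should speak of subdomains: "references describing the record type" and "Adding new records is possible". Smaller points: the Comment list item lacks its trailing period, "GANA has assigned subdomain defined" needs "the subdomain", and the registry is written ".alt subdomains" here but ".alt Subdomains" in the section name and figure title.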
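
Review bot: in the @@ -3014,10 +3083,11 @@ hunk the corrected author line still has surname="Douglas" alongside fullname="Douglas Crockford"; the surname attribute should be "Crockford" (initials "D." are then correct). The re-added <reference anchor="CrockfordB32" ...> line also changes only its indentation, which adds noise to the diff.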
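
Review bot: in the @@ -3076,8 +3146,19 @@ hunk the new draft-ietf-dnsop-alt-tld reference carries <date year="2019" month="March"/>, which is identical to the date on the CrockfordB32 entry in the previous hunk and looks copied from it; please check it against the draft revision actually being cited. The <title> also has a trailing space before </title>, and both <author> elements are left open-then-closed on separate lines with no content, which could be collapsed to self-closing tags for consistency.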