commit 3fd1c3f7787f7672e91c54c377177bd062b23fa5
parent 98ce51c39efce2bf98a87a2dfe4b7263a4187c6c
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date: Mon, 20 Apr 2020 08:29:26 +0200
minor fix; TTL clarification
Diffstat:
3 files changed, 76 insertions(+), 68 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
@@ -2521,7 +2521,11 @@ table {
<dt id="section-7-14.3">TTL</dt>
<dd id="section-7-14.4">
denotes the relative 64-bit time to live of of the record in
- microseconds also in network byte order.<a href="#section-7-14.4" class="pilcrow">¶</a>
+ microseconds also in network byte order. This field is informational
+ for a verifier. The verifier may discard revocation of the TTL
+ indicates that it is already expired. However, the actual TTL of the
+ revocation must be determined by examining the leading zeros in the
+ proof of work calculation.<a href="#section-7-14.4" class="pilcrow">¶</a>
</dd>
<dt id="section-7-14.5">POW_i</dt>
<dd id="section-7-14.6">
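Review bot: the new sentence "The verifier may discard revocation of the TTL indicates that it is already expired" does not parse; "of" should be "if" and "revocation" needs an article, i.e. "The verifier MAY discard the revocation if the TTL indicates that it is already expired." Since the field is only informational, it would also help to say explicitly that a verifier MUST NOT accept a revocation on the basis of the TTL alone and that the binding expiration is the one computed in the verification steps from the leading zeros. The unchanged context line still reads "time to live of of the record" (doubled "of"). Both fixes belong in draft-schanzen-gns.xml if the .html and .txt are generated from it.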
@@ -2573,7 +2577,7 @@ table {
<li id="section-7.1-2.4">The average number of leading zeroes resulting from the provided
POW values D' MUST be greater than or equal to D.<a href="#section-7.1-2.4" class="pilcrow">¶</a>
</li>
-<li id="section-7.1-2.5">The actual expiration time TIMESTAMP + (D'-D+1) * 365 days
+<li id="section-7.1-2.5">The actual expiration time TIMESTAMP + (D'-D) * 365 days
is in the future.<a href="#section-7.1-2.5" class="pilcrow">¶</a>
</li>
</ol>
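Review bot: dropping the "+1" changes the boundary case: with D' == D the expiration becomes TIMESTAMP + 0 days, so a revocation whose proofs average exactly the required difficulty expires at its own TIMESTAMP and fails the "is in the future" check as soon as it is checked. If the intent is that a proof at exactly D is valid for one year, the previous "(D'-D+1) * 365 days" was right; if the intent is that D' must strictly exceed D, step 4 ("greater than or equal to D") should say so instead.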
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -87,7 +87,7 @@ Table of Contents
7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19
7.1. Verification . . . . . . . . . . . . . . . . . . . . . . 23
8. Determining the Root Zone and Zone Governance . . . . . . . . 23
- 9. Security Considerations . . . . . . . . . . . . . . . . . . . 24
+ 9. Security Considerations . . . . . . . . . . . . . . . . . . . 25
9.1. Revocations . . . . . . . . . . . . . . . . . . . . . . . 25
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 26
@@ -1216,15 +1216,15 @@ Internet-Draft The GNU Name System November 2019
1970 in network byte order.
TTL denotes the relative 64-bit time to live of of the record in
- microseconds also in network byte order.
+ microseconds also in network byte order. This field is
+ informational for a verifier. The verifier may discard revocation
+ of the TTL indicates that it is already expired. However, the
+ actual TTL of the revocation must be determined by examining the
+ leading zeros in the proof of work calculation.
POW_i The POWs calculated as part of the proof-of-work. Each POW_i
MUST be unique in the set of POW values.
- SIGNATURE A 512-bit ECDSA deterministic signature compliant with
- [RFC6979] over the public zone zk of the zone which is revoked and
- corresponds to the key used in the proof-of-work. The signature
- is created using the private zone key "d" (see Section 2).
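Review bot: same wording problem as in the HTML: "discard revocation of the TTL indicates" should read "discard the revocation if the TTL indicates". The POW_i description in this hunk spells it "proof-of-work" while the new TTL text has "proof of work"; pick one. The removal of the SIGNATURE paragraph here is only a page-break move (it reappears unchanged in the next hunk), which is fine, but the commit message could say the .txt was regenerated so that the reflow is not read as a content change.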
@@ -1234,6 +1234,11 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 22]
Internet-Draft The GNU Name System November 2019
+ SIGNATURE A 512-bit ECDSA deterministic signature compliant with
+ [RFC6979] over the public zone zk of the zone which is revoked and
+ corresponds to the key used in the proof-of-work. The signature
+ is created using the private zone key "d" (see Section 2).
+
SIZE A 32-bit value containing the length of the signed data in
bytes (36 bytes) in network byte order.
@@ -1258,7 +1263,7 @@ Internet-Draft The GNU Name System November 2019
4. The average number of leading zeroes resulting from the provided
POW values D' MUST be greater than or equal to D.
- 5. The actual expiration time TIMESTAMP + (D'-D+1) * 365 days is in
+ 5. The actual expiration time TIMESTAMP + (D'-D) * 365 days is in
the future.
8. Determining the Root Zone and Zone Governance
@@ -1277,11 +1282,6 @@ Internet-Draft The GNU Name System November 2019
System where root zone governance is centralized at the Internet
Corporation for Assigned Names and Numbers (ICANN). In DNS
terminology, GNS roughly follows the idea of a hyper-hyper local root
- zone deployment, with the difference that it is not expected that all
- deployments use the same local root zone.
-
- In the following, we give examples how a local client resolver SHOULD
- discover the start zone. The process given is not exhaustive and
@@ -1290,6 +1290,11 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 23]
Internet-Draft The GNU Name System November 2019
+ zone deployment, with the difference that it is not expected that all
+ deployments use the same local root zone.
+
+ In the following, we give examples how a local client resolver SHOULD
+ discover the start zone. The process given is not exhaustive and
clients MAY suppliement it with other mechanisms or ignore it if the
particular application requires a different process.
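Review bot: the unchanged context line "clients MAY suppliement it" has a typo ("supplement"); this hunk is only page reflow, so it is a good moment to fix the word in the .xml source and regenerate.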
@@ -1327,6 +1332,20 @@ Internet-Draft The GNU Name System November 2019
a locally managed zone and a configuration entry exist for the same
suffix, the locally managed zone MUST have priority.
+
+
+
+
+
+
+
+
+
+Schanzenbach, et al. Expires 13 May 2020 [Page 24]
+
+Internet-Draft The GNU Name System November 2019
+
+
Example name: www.example.gnu
Local suffix mappings:
gnu = zk0
@@ -1338,14 +1357,6 @@ Internet-Draft The GNU Name System November 2019
9. Security Considerations
-
-
-
-Schanzenbach, et al. Expires 13 May 2020 [Page 24]
-
-Internet-Draft The GNU Name System November 2019
-
-
9.1. Revocations
Revocation payloads do NOT include a 'new' key for key replacement.
@@ -1382,17 +1393,6 @@ Internet-Draft The GNU Name System November 2019
* Contact: The contact information of a person to contact for
further information
- * References: Optionally, references describing the record type
- (such as an RFC)
-
- The registration policy for this sub-registry is "First Come First
- Served", as described in [RFC8126]. IANA is requested to populate
- this registry as follows:
-
-
-
-
-
@@ -1402,6 +1402,13 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 25]
Internet-Draft The GNU Name System November 2019
+ * References: Optionally, references describing the record type
+ (such as an RFC)
+
+ The registration policy for this sub-registry is "First Come First
+ Served", as described in [RFC8126]. IANA is requested to populate
+ this registry as follows:
+
Number | Type | Contact | References
---------+-----------------+---------+---------
65536 | PKEY | N/A | [This.I-D]
@@ -1443,13 +1450,6 @@ Internet-Draft The GNU Name System November 2019
6668e9f684f4dc33
6d656b27392b0fee
- d_h :=
- 01fb61f482c17633
- 77611c4c2509e0f3
- 81b0e7e4405c10bd
- 0017c802f7d32e18
-
- q (query key) :=
@@ -1458,6 +1458,13 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 26]
Internet-Draft The GNU Name System November 2019
+ d_h :=
+ 01fb61f482c17633
+ 77611c4c2509e0f3
+ 81b0e7e4405c10bd
+ 0017c802f7d32e18
+
+ q (query key) :=
6fce4deddc5ad681
f4e29a3310767e3b
8b38bc1b276ce2ba
@@ -1499,13 +1506,6 @@ Internet-Draft The GNU Name System November 2019
00000000
- RRBLOCK :=
- 055cb070e05fe6de SIGNATURE
- ad694a50e5b4dedd
- b9fdcbdbae004f65
- afc99ba9c5a3bb54
- 07e731a34680ee33
- ae0de7bfeda7d2b7
@@ -1514,6 +1514,13 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 27]
Internet-Draft The GNU Name System November 2019
+ RRBLOCK :=
+ 055cb070e05fe6de SIGNATURE
+ ad694a50e5b4dedd
+ b9fdcbdbae004f65
+ afc99ba9c5a3bb54
+ 07e731a34680ee33
+ ae0de7bfeda7d2b7
8c6b854a008b1b54
10df4f39f5ba9f46____________
8cb514a56c0eaae0 zk_h
@@ -1556,13 +1563,6 @@ Internet-Draft The GNU Name System November 2019
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <https://www.rfc-editor.org/info/rfc3629>.
- [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
- Advanced Encryption Standard (AES) Cipher Algorithm in the
- SNMP User-based Security Model", RFC 3826,
- DOI 10.17487/RFC3826, June 2004,
- <https://www.rfc-editor.org/info/rfc3826>.
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 28]
@@ -1570,6 +1570,12 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 28]
Internet-Draft The GNU Name System November 2019
+ [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
+ Advanced Encryption Standard (AES) Cipher Algorithm in the
+ SNMP User-based Security Model", RFC 3826,
+ DOI 10.17487/RFC3826, June 2004,
+ <https://www.rfc-editor.org/info/rfc3826>.
+
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
@@ -1611,12 +1617,6 @@ Internet-Draft The GNU Name System November 2019
[TWOFISH] Schneier, B., "The Twofish Encryptions Algorithm: A
128-Bit Block Cipher, 1st Edition", March 1999.
- [Argon2] Biryukov, A., Dinu, D., Khovratovich, D., and S.
- Josefsson, "The memory-hard Argon2 password hash and
- proof-of-work function", March 2020,
- <https://datatracker.ietf.org/doc/draft-irtf-cfrg-
- argon2/>.
-
@@ -1626,6 +1626,12 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 29]
Internet-Draft The GNU Name System November 2019
+ [Argon2] Biryukov, A., Dinu, D., Khovratovich, D., and S.
+ Josefsson, "The memory-hard Argon2 password hash and
+ proof-of-work function", March 2020,
+ <https://datatracker.ietf.org/doc/draft-irtf-cfrg-
+ argon2/>.
+
Authors' Addresses
Martin Schanzenbach
@@ -1671,10 +1677,4 @@ Authors' Addresses
-
-
-
-
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 30]
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -1256,7 +1256,11 @@
<dt>TTL</dt>
<dd>
denotes the relative 64-bit time to live of of the record in
- microseconds also in network byte order.
+ microseconds also in network byte order. This field is informational
+ for a verifier. The verifier may discard revocation of the TTL
+ indicates that it is already expired. However, the actual TTL of the
+ revocation must be determined by examining the leading zeros in the
+ proof of work calculation.
</dd>
<dt>POW_i</dt>
<dd>
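Review bot: assuming the .txt and .html are generated from this .xml with xml2rfc, the broken sentence needs fixing here: "The verifier may discard revocation of the TTL indicates that it is already expired" should be "The verifier MAY discard the revocation if the TTL indicates that it is already expired." Consider an <xref> from this field to the verification section so the reader finds how the actual expiration is computed from the leading zeros, and fix the doubled "of of" in the preceding context line while here.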
@@ -1302,7 +1306,7 @@
<li>The set of POW values MUST NOT contain duplicates.</li>
<li>The average number of leading zeroes resulting from the provided
POW values D' MUST be greater than or equal to D.</li>
- <li>The actual expiration time TIMESTAMP + (D'-D+1) * 365 days
+ <li>The actual expiration time TIMESTAMP + (D'-D) * 365 days
is in the future.</li>
</ol>
</section>
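Review bot: D' is defined two items up as an average number of leading zeroes, so it may be fractional, and "(D'-D) * 365 days" then yields a fractional number of days; the step should state whether D' is floored (or rounded) before the multiplication, since the TTL field description in this same file now defers to this step for the actual expiration and verifiers on both sides must compute the same value.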