commit 40d0e28b5be15ff798a94b993dcf48de52393f7c
parent 8d8134fb7d41748bca8510055ba7f56fdc64017f
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 7 Mar 2022 19:45:59 +0100
-leakage consideration
Diffstat:
1 file changed, 39 insertions(+), 2 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -15,7 +15,7 @@
<!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
<!ENTITY RFC5895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5895.xml">
<!ENTITY RFC6234 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6234.xml">
-<!-- <!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml"> -->
+<!ENTITY RFC6761 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6761.xml">
<!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml">
<!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
<!ENTITY RFC7363 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7363.xml">
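Review bot: this hunk drops the commented-out RFC6781 entity declaration while the matching commented-out `<!-- &RFC6781; -->` reference line is left in place in the references section later in this patch; both are comments, so the XML still parses, but either remove both leftovers or keep both so the placeholder stays consistent. The new RFC6761 entity is the right citation for the special-use domain name text added below.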
@@ -2538,6 +2538,41 @@ NICK: john (Supplemental)
zone keys do become public during revocation.
</t>
</section>
+ <section>
+ <name>Name Leakage</name>
+ <t>
+ GNS names are indistiguishable from DNS names or other special-use
+ domain names <xref target="RFC6761"/>.
+ This poses a risk when trying to resolve a name through DNS when
+ it is actually a GNS name.
+ In such a case, the GNS name would be leaked as part of the DNS
+ resolution.
+ This risk is also present for special-use domain names which must be
+ handled before starting a DNS resolution request by the application.
+ </t>
+ <t>
+ Any application MUST take into consideration the user configuration
+ of resolution precedence when trying to resolve a name.
+ One example of such a configuration which at the same time allows
+ applications to delegate the resolution itself is the
+ Name Service Switch (NSS) of Unix-like operating systems.
+ It allows system administrators to configure host name resolution
+ precedence and is integrated with the system resolver implementation.
+ </t>
+ <t>
+ The order of resolution mechanisms to try is under the discretion
+ of the user or system administrator.
+ In the absence of an explicit configuration it is
+ <bcp14>RECOMMENDED</bcp14> that applications try to resolve
+ a given name in GNS before any other method in order to honor
+ potential TLD overrides in GNS by the user.
+ If no suffix-to-zone mapping for the name exists, resolution
+ <bcp14>MAY</bcp14> continue with other methods.
+ If a suffix-to-zone mapping exists for the name and the query
+ succeeds, fails or returns no results, resolution <bcp14>MUST NOT</bcp14>
+ continue by other means.
+ </t>
+ </section>
</section>
<section anchor="gana" numbered="true" toc="default">
<name>GANA Considerations</name>
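Review bot: the first paragraph of the new section misspells "indistinguishable" as "indistiguishable", and the second paragraph states a requirement ("Any application MUST take into consideration ...") without the `<bcp14>` markup that the third paragraph uses for `<bcp14>RECOMMENDED</bcp14>`, `<bcp14>MAY</bcp14>` and `<bcp14>MUST NOT</bcp14>`; wrap that MUST as `<bcp14>MUST</bcp14>` so the requirement is rendered and indexed as normative language. The resolution-precedence rule in the third paragraph is otherwise clear: a GNS query is attempted first, other methods are tried only when no suffix-to-zone mapping exists, and once a mapping exists the outcome of the GNS query is final regardless of whether it succeeds, fails or returns nothing, which is what closes the leakage path described in the first paragraph.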
@@ -2682,7 +2717,6 @@ Purpose | Name | References | Comment
&RFC6234;
&RFC6895;
&RFC6979;
- &RFC7706;
&RFC7748;
&RFC8032;
&RFC8126;
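Review bot: removing `&RFC7706;` here downgrades the reference from the normative list; this is only correct together with the later hunk that re-adds it to the informative references, so the two hunks should land together, and it is worth confirming that no remaining body text relies on RFC 7706 for a normative requirement.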
@@ -2788,6 +2822,9 @@ Purpose | Name | References | Comment
<!-- &RFC6781; -->
&RFC7363;
&RFC8324;
+ &RFC7706;
+ &RFC6761;
+
<!-- &RFC3912;-->
<reference anchor="Tor224" target="https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n2135">
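Review bot: the added `+` line after `&RFC6761;` is an empty line carrying trailing whitespace and adds nothing; drop it. The two new entities are also inserted out of the numeric order the surrounding list follows (`<!-- &RFC6781; -->`, `&RFC7363;`, `&RFC8324;`): place `&RFC6761;` before the commented RFC6781 line and `&RFC7706;` between `&RFC7363;` and `&RFC8324;` so the informative references stay sorted.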