commit 507c2cceeedfe0fcfcad068484c3454a59b44fa7
parent 03b3e2be35fe8759eb766b8cdd204cf624a4ccec
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date: Thu, 3 Oct 2019 22:05:00 +0200
add some idna, utf-8
Diffstat:
3 files changed, 74 insertions(+), 57 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
@@ -1483,7 +1483,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
| |
| |
+-----+-----+-----+-----+-----+-----+-----+-----+
- | BDATA SIZE | PURPOSE |
+ | SIZE | PURPOSE |
+-----+-----+-----+-----+-----+-----+-----+-----+
| EXPIRATION |
+-----+-----+-----+-----+-----+-----+-----+-----+
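Review bot: the BDATA SIZE to SIZE rename appears only in the rendered html and txt hunks here; no hunk touching the diagram or field definitions in draft-schanzen-gns.xml is visible in this diff, although the xml hunks further down show it is the source the other two files are generated from. Confirm the xml carries the rename as well, otherwise the next regeneration of the html and txt silently reverts it.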
@@ -1511,10 +1511,12 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
wire format of this value is defined in <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>,
Section 5.1.5.<a href="#section-4.2-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.5">BDATA SIZE</dt>
+ <dt id="section-4.2-4.5">SIZE</dt>
<dd id="section-4.2-4.6">
- A 32-bit value containing the length of the following data (PURPOSE,
- EXPIRATION, BDATA) in network byte order.<a href="#section-4.2-4.6" class="pilcrow">¶</a>
+ A 32-bit value containing the length of the signed data following the
+ PUBLIC KEY field in network byte order. This value always includes the
+ length of the fields SIZE (4), PURPOSE (4) and EXPIRATION (8) in
+ addition to the length of the BDATA.<a href="#section-4.2-4.6" class="pilcrow">¶</a>
</dd>
<dt id="section-4.2-4.7">PURPOSE</dt>
<dd id="section-4.2-4.8">
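Review bot: the new SIZE text first says the value covers "the signed data following the PUBLIC KEY field" and then says it includes the SIZE field itself, which reads as a contradiction since SIZE is the first field after PUBLIC KEY. Suggest stating it directly, e.g. "the length in octets of the SIZE, PURPOSE, EXPIRATION and BDATA fields together", and noting that SIZE is therefore part of the signed data; the test vector (SIZE = 87 = 16 + 71 octets of BDATA) already matches that reading.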
@@ -1531,7 +1533,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
</dd>
<dt id="section-4.2-4.11">BDATA</dt>
<dd id="section-4.2-4.12">
- The encrypted resource records with a total size of "BDATA SIZE".<a href="#section-4.2-4.12" class="pilcrow">¶</a>
+ The encrypted resource records with a total size of SIZE - 16.<a href="#section-4.2-4.12" class="pilcrow">¶</a>
</dd>
</dl>
<p id="section-4.2-5">
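Review bot: "a total size of SIZE - 16" should give the unit (octets) and the text should require SIZE >= 16, so that a parser rejects a block before evaluating the subtraction; with SIZE read as a 32-bit unsigned value, any value below 16 wraps to a very large BDATA length. A sentence such as "Implementations MUST reject blocks whose SIZE field is smaller than 16" next to this definition would close that gap.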
@@ -1684,7 +1686,10 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-internationalization-and-ch" class="section-name selfRef">Internationalization and Character Encoding</a>
</h2>
<p id="section-5-1">
- TODO<a href="#section-5-1" class="pilcrow">¶</a></p>
+ All labels in GNS are encoded in UTF-8 <span>[<a href="#RFC3629" class="xref">RFC3629</a>]</span>.
+ This does not include any DNS names found in DNS records, e.g. CNAME
+ records, which are internationalized through the IDNA specifications
+ <span>[<a href="#RFC5890" class="xref">RFC5890</a>]</span>.<a href="#section-5-1" class="pilcrow">¶</a></p>
</section>
</div>
<div id="security">
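Review bot: this paragraph fixes the encoding of labels but not their comparison rule: it does not say whether labels are compared as raw octet sequences or after Unicode normalization, nor that byte sequences that are not valid UTF-8 must be rejected. Since the label is an input to the HKDF-Expand calls shown in the txt hunks, two labels that render identically but differ in encoding derive different keys, so the draft should fix a normalization form and a validity requirement here.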
@@ -1831,7 +1836,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
7bc65a676b7a6d23 ||
b2ef300f7fc70058 \/
059e7f29e594b5c1____________
- 000000570000000f BDATA SIZE (=87) | PURPOSE (=15)
+ 000000570000000f SIZE (=87) | PURPOSE (=15)
0005af87005b9140 EXPIRATION
5fb6552e3959ff9f BDATA
d80c1b0213dc7ef1 ||
@@ -1856,11 +1861,17 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<dt id="RFC1035">[RFC1035]</dt>
<dd>
<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain names - implementation and specification"</span>, <span class="seriesInfo">STD 13</span>, <span class="seriesInfo">RFC 1035</span>, <span class="seriesInfo">DOI 10.17487/RFC1035</span>, <time datetime="1987-11">November 1987</time>, <span><<a href="https://www.rfc-editor.org/info/rfc1035">https://www.rfc-editor.org/info/rfc1035</a>></span>. </dd>
+<dt id="RFC3629">[RFC3629]</dt>
+ <dd>
+<span class="refAuthor">Yergeau, F.</span>, <span class="refTitle">"UTF-8, a transformation format of ISO 10646"</span>, <span class="seriesInfo">STD 63</span>, <span class="seriesInfo">RFC 3629</span>, <span class="seriesInfo">DOI 10.17487/RFC3629</span>, <time datetime="2003-11">November 2003</time>, <span><<a href="https://www.rfc-editor.org/info/rfc3629">https://www.rfc-editor.org/info/rfc3629</a>></span>. </dd>
<dt id="RFC5869">[RFC5869]</dt>
<dd>
<span class="refAuthor">Krawczyk, H.</span><span class="refAuthor"> and P. Eronen</span>, <span class="refTitle">"
HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
"</span>, <span class="seriesInfo">RFC 5869</span>, <span class="seriesInfo">DOI 10.17487/RFC5869</span>, <time datetime="2010-05">May 2010</time>, <span><<a href="https://www.rfc-editor.org/info/rfc5869">https://www.rfc-editor.org/info/rfc5869</a>></span>. </dd>
+<dt id="RFC5890">[RFC5890]</dt>
+ <dd>
+<span class="refAuthor">Klensin, J.</span>, <span class="refTitle">"Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework"</span>, <span class="seriesInfo">RFC 5890</span>, <span class="seriesInfo">DOI 10.17487/RFC5890</span>, <time datetime="2010-08">August 2010</time>, <span><<a href="https://www.rfc-editor.org/info/rfc5890">https://www.rfc-editor.org/info/rfc5890</a>></span>. </dd>
<dt id="RFC6979">[RFC6979]</dt>
<dd>
<span class="refAuthor">Pornin, T.</span>, <span class="refTitle">"
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -74,7 +74,7 @@ Table of Contents
5. Internationalization and Character Encoding . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10
7. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 10
- 8. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 10
+ 8. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 11
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
10. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 11
11. Normative References . . . . . . . . . . . . . . . . . . . . 13
@@ -361,7 +361,7 @@ Internet-Draft The GNU Name System July 2019
| |
| |
+-----+-----+-----+-----+-----+-----+-----+-----+
- | BDATA SIZE | PURPOSE |
+ | SIZE | PURPOSE |
+-----+-----+-----+-----+-----+-----+-----+-----+
| EXPIRATION |
+-----+-----+-----+-----+-----+-----+-----+-----+
@@ -383,8 +383,8 @@ Internet-Draft The GNU Name System July 2019
SIGNATURE. The wire format of this value is defined in [RFC8032],
Section 5.1.5.
- BDATA SIZE A 32-bit value containing the length of the following
- data (PURPOSE, EXPIRATION, BDATA) in network byte order.
+ SIZE A 32-bit value containing the length of the signed data
+ following the PUBLIC KEY field in network byte order. This value
@@ -394,6 +394,9 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 7]
Internet-Draft The GNU Name System July 2019
+ always includes the length of the fields SIZE (4), PURPOSE (4) and
+ EXPIRATION (8) in addition to the length of the BDATA.
+
PURPOSE A 32-bit signature purpose flag. This field MUST be 15 (in
network byte order).
@@ -403,8 +406,7 @@ Internet-Draft The GNU Name System July 2019
in microseconds since midnight (0 hour), January 1, 1970 in
network byte order.
- BDATA The encrypted resource records with a total size of "BDATA
- SIZE".
+ BDATA The encrypted resource records with a total size of SIZE - 16.
We note that even though we use a Ed25519 private key, the public key
is derived using ECDSA as defined in [RFC8032]. Similarly, the ECDSA
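Review bot: the unchanged context directly below the new BDATA line states that the public key "is derived using ECDSA as defined in [RFC8032]", but RFC 8032 as listed in the references is the EdDSA specification, and the SIGNATURE field above cites RFC 8032 Section 5.1.5, i.e. Ed25519. This looks like a wording slip in the source xml and is worth correcting in the same pass that renames the size field.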
@@ -439,9 +441,7 @@ Internet-Draft The GNU Name System July 2019
K := HKDF-Expand (PRK_k, label, 512 / 8);
IV := HKDF-Expand (PRK_iv, label, 256 / 8)
- We use a hash-based key derivation function (HKDF) as defined in
- [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC-
- SHA256 for the expansion phase. The output keying material is 64
+
@@ -450,6 +450,9 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 8]
Internet-Draft The GNU Name System July 2019
+ We use a hash-based key derivation function (HKDF) as defined in
+ [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC-
+ SHA256 for the expansion phase. The output keying material is 64
octets (512 bit) for the symmetric keys and 32 octets (256 bit) for
the initialization vector. We divide the resulting keying material
"K" into a 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo":
@@ -498,9 +501,6 @@ Internet-Draft The GNU Name System July 2019
-
-
-
Schanzenbach, et al. Expires 24 January 2020 [Page 9]
Internet-Draft The GNU Name System July 2019
@@ -540,7 +540,10 @@ Internet-Draft The GNU Name System July 2019
5. Internationalization and Character Encoding
- TODO
+ All labels in GNS are encoded in UTF-8 [RFC3629]. This does not
+ include any DNS names found in DNS records, e.g. CNAME records,
+ which are internationalized through the IDNA specifications
+ [RFC5890].
6. Security Considerations
@@ -550,9 +553,6 @@ Internet-Draft The GNU Name System July 2019
TODO
-8. Namespace Revocation
-
- TODO
@@ -562,6 +562,10 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 10]
Internet-Draft The GNU Name System July 2019
+8. Namespace Revocation
+
+ TODO
+
9. IANA Considerations
This will be fun
@@ -606,10 +610,6 @@ Internet-Draft The GNU Name System July 2019
70207f69a4a8387a
AES_KEY :=
- 033e97f17570004e
- ffe7e1b75b167668
- a3e0c320b7660eef
- 0718d0aaa779164
@@ -618,6 +618,11 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 11]
Internet-Draft The GNU Name System July 2019
+ 033e97f17570004e
+ ffe7e1b75b167668
+ a3e0c320b7660eef
+ 0718d0aaa779164
+
AES_IV :=
b052ae34fac578e9
c7e400e712359621
@@ -661,11 +666,6 @@ Internet-Draft The GNU Name System July 2019
6ec6210eb815caba
0663c95eb9ca1863
b13c9320e8637a11
- 68abebc4b916f4ff
- f5bf62aa8d2d56b8
-
- BLOCK :=
- 0f560541fb3900c3 SIGNATURE
@@ -674,6 +674,11 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 12]
Internet-Draft The GNU Name System July 2019
+ 68abebc4b916f4ff
+ f5bf62aa8d2d56b8
+
+ BLOCK :=
+ 0f560541fb3900c3 SIGNATURE
459efcba85e006a9 ||
9122725baa1fb50b \/
6ec6210eb815caba
@@ -685,7 +690,7 @@ Internet-Draft The GNU Name System July 2019
7bc65a676b7a6d23 ||
b2ef300f7fc70058 \/
059e7f29e594b5c1____________
- 000000570000000f BDATA SIZE (=87) | PURPOSE (=15)
+ 000000570000000f SIZE (=87) | PURPOSE (=15)
0005af87005b9140 EXPIRATION
5fb6552e3959ff9f BDATA
d80c1b0213dc7ef1 ||
@@ -707,11 +712,29 @@ Internet-Draft The GNU Name System July 2019
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>.
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
+ 2003, <https://www.rfc-editor.org/info/rfc3629>.
+
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/info/rfc5869>.
+
+
+
+
+Schanzenbach, et al. Expires 24 January 2020 [Page 13]
+
+Internet-Draft The GNU Name System July 2019
+
+
+ [RFC5890] Klensin, J., "Internationalized Domain Names for
+ Applications (IDNA): Definitions and Document Framework",
+ RFC 5890, DOI 10.17487/RFC5890, August 2010,
+ <https://www.rfc-editor.org/info/rfc5890>.
+
[RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature
Algorithm (DSA) and Elliptic Curve Digital Signature
Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August
@@ -722,14 +745,6 @@ Internet-Draft The GNU Name System July 2019
DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>.
-
-
-
-Schanzenbach, et al. Expires 24 January 2020 [Page 13]
-
-Internet-Draft The GNU Name System July 2019
-
-
Authors' Addresses
Martin Schanzenbach
@@ -766,19 +781,4 @@ Authors' Addresses
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Schanzenbach, et al. Expires 24 January 2020 [Page 14]
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -559,7 +559,10 @@
<section anchor="encoding" numbered="true" toc="default">
<name>Internationalization and Character Encoding</name>
<t>
- TODO
+ All labels in GNS are encoded in UTF-8 <xref target="RFC3629" />.
+ This does not include any DNS names found in DNS records, such as CNAME
+ records, which are internationalized through the IDNA specifications
+ <xref target="RFC5890" />.
</t>
</section>
<section anchor="security" numbered="true" toc="default">
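Review bot: the xml source says "such as CNAME records" while the html and txt hunks above render the same sentence as "e.g. CNAME records", so the generated files in this commit were not produced from this xml. Regenerate html and txt from the xml before committing so the three copies agree.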
@@ -711,6 +714,7 @@
<back>
<references>
<name>Normative References</name>
+ <reference anchor="RFC5890" target="https://www.rfc-editor.org/info/rfc5890"><front><title>Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework</title><author initials="J." surname="Klensin" fullname="J. Klensin"><organization/></author><date year="2010" month="August"/><abstract><t>This document is one of a collection that, together, describe the protocol and usage context for a revision of Internationalized Domain Names for Applications (IDNA), superseding the earlier version. It describes the document collection and provides definitions and other material that are common to the set. [STANDARDS-TRACK]</t></abstract></front><seriesInfo name="RFC" value="5890"/><seriesInfo name="DOI" value="10.17487/RFC5890"/></reference>
<reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5869">
<front>
<title>
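Review bot: the RFC5890 reference is inserted as one unwrapped line and ahead of RFC5869, whereas the surrounding references are formatted one element per line and ordered by number. Reflow it in the house style and move it after RFC5869; the ordering is cosmetic in the rendered output, which already lists RFC5890 after RFC5869 in the html hunk above, but keeps the source readable for diffs.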
@@ -732,6 +736,8 @@
<seriesInfo name="RFC" value="5869"/>
<seriesInfo name="DOI" value="10.17487/RFC5869"/>
</reference>
+ <reference anchor="RFC3629" target="https://www.rfc-editor.org/info/rfc3629"><front><title>UTF-8, a transformation format of ISO 10646</title><author initials="F." surname="Yergeau" fullname="F. Yergeau"><organization/></author><date year="2003" month="November"/><abstract><t>ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279.</t></abstract></front><seriesInfo name="STD" value="63"/><seriesInfo name="RFC" value="3629"/><seriesInfo name="DOI" value="10.17487/RFC3629"/>
+ </reference>
<reference anchor="RFC8032" target="https://www.rfc-editor.org/info/rfc8032">
<front>
<title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
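Review bot: same formatting point for the RFC3629 reference: it is a single long line with only the closing tag on its own line, and numerically it belongs before RFC5869 (the rendered html places it right after RFC1035). Suggest expanding it to the multi-line layout used for RFC5869 and RFC8032 so the references section stays consistent.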