commit 5d046522c436c160df3f9c91e654a94fd7334e57
parent 9c78d3ff977835a443841bf58b8c4a5dcb9106e8
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 2 Feb 2022 13:10:49 +0100
-minor English improvements
Diffstat:
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -1911,12 +1911,11 @@ example.com = zk2
in it as defined by its zone type (see also <xref target="records_block" />).</li>
</ol>
<t>
- Upon receiving the RRBLOCK from the storage, apart from verifying the
- provided signature, the resolver MUST check that the authoritative
- zone key was used to sign the record:
- The derived zone key zk' MUST match the public key provided in
- the RRBLOCK, otherwise the RRBLOCK MUST be ignored and the storage
- lookup GET(q) MUST continue.
+ Upon receiving the RRBLOCK from the storage, as part of verifying the
+ provided signature, the resolver MUST check that the SHA-512 hash of the
+ derived authoritative zone key zk' from the RRBLOCK matches the query q.
+ If not, the RRBLOCK MUST be ignored and, if applicable, the storage
+ lookup GET(q) MUST continue to look for other RRBLOCKs.
</t>
</section>
<section anchor="record_processing" numbered="true" toc="default">
