LSD0001: GNU Name System

commit 6629af680b7dc805eb3c5f2b04b7dda52813dfac
parent 08eb527c734b9caf7314bdb39bdcd7b432c25b79
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri, 30 Jun 2023 23:58:23 +0200

write 'recursion' steps slightly more algorithmically

Diffstat:
M draft-schanzen-gns.xml | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml 
@@ -2207,24 +2207,24 @@ example.com.gns.alt = zTLD2 := Base32GNS(ztype2||zk2) <li>Calculate q using the label and zk as defined in <xref target="blinding" />.</li> <li>Perform a storage query GET(q) to retrieve the RRBLOCK.</li> - <li>Verify and process the RRBLOCK and decrypt the BDATA contained - in it using S-Decrypt() as defined by the zone type effectively - inverting the process described in <xref target="records_block" />.</li> + <li>Check that (a) the block is not expired, (b) the SHA-512 hash + of the derived authoritative zone key zk' from the RRBLOCK matches + the query q, and (c) that the signature is valid. If any of these + tests fail, the RRBLOCK <bcp14>MUST</bcp14> + be ignored and, if applicable, the storage lookup GET(q) + <bcp14>MUST</bcp14> continue to look for other RRBLOCKs.</li> + <li>Obtain the RDATA by decrypting the BDATA contained in the + RRBLOCK using S-Decrypt() as defined by the zone type, effectively + inverting the process described in <xref target="records_block" />.</li> </ol> <t> - Upon receiving the RRBLOCK from the storage, as part of verifying the - provided signature, the resolver <bcp14>MUST</bcp14> check that the SHA-512 hash of the - derived authoritative zone key zk' from the RRBLOCK matches the query q - and that the block is not yet expired. - If the signature does not match or the block is expired, the RRBLOCK <bcp14>MUST</bcp14> - be ignored and, if applicable, the storage lookup GET(q) <bcp14>MUST</bcp14> continue to - look for other RRBLOCKs. + Once a well-formed block has been decrypted, the records from + RDATA are subjected to record processing. </t> </section> <section anchor="record_processing" numbered="true" toc="default"> <name>Record Processing</name> <t> - Record processing occurs once a well-formed block has been decrypted. In record processing, only the valid records obtained are considered. 
To filter records by validity, the resolver <bcp14>MUST</bcp14> at least check the expiration time and the FLAGS field of the
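
Review bot: The new list item that obtains RDATA with S-Decrypt() states no failure handling, while the check item just before it says a failing RRBLOCK MUST be ignored and GET(q) MUST continue. The paragraph after the list speaks of "a well-formed block", but nothing in the steps says what the resolver does when decryption fails or the decrypted RDATA is not well-formed; consider extending the ignore-and-continue rule to the decryption step, or state the intended behaviour explicitly. Wording in the check item: "(c) that the signature is valid" is not parallel with (a) and (b), and "If any of these tests fail" should read "fails". The removed paragraph described the hash and expiration checks as part of verifying the signature; if the order (a), (b), (c) is meant to be normative, say so, otherwise note that the checks may run in any order.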