lsd0001

LSD0001: GNU Name System

commit b51990e6aed95ec8c212a4124a02dd661cbf70c2
parent ff5bd38f5ae3298c6d627ec47303c93c0e21373b
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date:   Tue, 10 Sep 2019 18:59:38 +0200

more hashing

Diffstat:
Adraft-schanzen-gns.html | 1588+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mdraft-schanzen-gns.txt | 68++++++++++++++++++++++++++++++++++----------------------------------
Mdraft-schanzen-gns.xml | 33+++++++++++++++++++--------------
3 files changed, 1641 insertions(+), 48 deletions(-)

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html 
@@ -0,0 +1,1588 @@ +<!DOCTYPE html> +<html lang="en" class="Internet-Draft"> +<head> +<meta charset="utf-8"> +<meta content="Common,Latin" name="scripts"> +<meta content="initial-scale=1.0" name="viewport"> +<title> + The GNU Name System Specification + </title> +<meta content="Martin Schanzenbach" name="author"> +<meta content=" + This document contains the GNU Name System (GNS) technical specification. + " name="description"> +<meta content="xml2rfc 2.26.0" name="generator"> +<meta content="name systems" name="keyword"> +<link href="draft-schanzen-gns.xml" type="application/rfc+xml" rel="alternate"> +<link href="#copyright" rel="license"> +<style type="text/css">/* + + NOTE: Changes at the bottom of this file overrides some earlier settings. + + Once the style has stabilized and has been adopted as an official RFC style, + this can be consolidated so that style settings occur only in one place, but + for now the contents of this file consists first of the initial CSS work as + provided to the RFC Formatter (xml2rfc) work, followed by itemized and + commented changes found necssary during the development of the v3 + formatters. 
+ +*/ + +/* fonts */ +@import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /* Sans-serif */ +@import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /* Serif (print) */ +@import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /* Monospace */ + +@viewport { + zoom: 1.0; + width: extend-to-zoom; +} +@-ms-viewport { + width: extend-to-zoom; + zoom: 1.0; +} +/* general and mobile first */ +html { +} +body { + max-width: 90%; + margin: 1.5em auto; + color: #222; + background-color: #fff; + font-size: 14px; + font-family: 'Noto Sans', Arial, Helvetica, sans-serif; + line-height: 1.6; + scroll-behavior: smooth; +} +.ears { + display: none; +} + +/* headings */ +#title, h1, h2, h3, h4, h5, h6 { + margin: 1em 0 0.5em; + font-weight: bold; + line-height: 1.3; +} +#title { + clear: both; + border-bottom: 1px solid #ddd; + margin: 0 0 0.5em 0; + padding: 1em 0 0.5em; +} +.author { + padding-bottom: 4px; +} +h1 { + font-size: 26px; + margin: 1em 0; +} +h2 { + font-size: 22px; + margin-top: -20px; /* provide offset for in-page anchors */ + padding-top: 33px; +} +h3 { + font-size: 18px; + margin-top: -36px; /* provide offset for in-page anchors */ + padding-top: 42px; +} +h4 { + font-size: 16px; + margin-top: -36px; /* provide offset for in-page anchors */ + padding-top: 42px; +} +h5, h6 { + font-size: 14px; +} +#n-copyright-notice { + border-bottom: 1px solid #ddd; + padding-bottom: 1em; + margin-bottom: 1em; +} +/* general structure */ +p { + padding: 0; + margin: 0 0 1em 0; + text-align: left; +} +div, span { + position: relative; +} +div { + margin: 0; +} +.alignRight.art-text { + background-color: #f9f9f9; + border: 1px solid #eee; + border-radius: 3px; + padding: 1em 1em 0; + margin-bottom: 1.5em; +} +.alignRight.art-text pre { + padding: 0; +} +.alignRight { + margin: 1em 0; +} +.alignRight > *:first-child { + border: none; + margin: 0; + float: right; + clear: both; +} +.alignRight > *:nth-child(2) { + clear: both; + display: block; + 
border: none; +} +svg { + display: block; +} +.alignCenter.art-text { + background-color: #f9f9f9; + border: 1px solid #eee; + border-radius: 3px; + padding: 1em 1em 0; + margin-bottom: 1.5em; +} +.alignCenter.art-text pre { + padding: 0; +} +.alignCenter { + margin: 1em 0; +} +.alignCenter > *:first-child { + border: none; + /* this isn't optimal, but it's an existence proof. PrinceXML doesn't + support flexbox yet. + */ + display: table; + margin: 0 auto; +} + +/* lists */ +ol, ul { + padding: 0; + margin: 0 0 1em 2em; +} +ol ol, ul ul, ol ul, ul ol { + margin-left: 1em; +} +li { + margin: 0 0 0.25em 0; +} +.ulCompact li { + margin: 0; +} +ul.empty, .ulEmpty { + list-style-type: none; +} +ul.empty li, .ulEmpty li { + margin-top: 0.5em; +} +ul.compact, .ulCompact, +ol.compact, .olCompact { + line-height: 100%; + margin: 0 0 0 2em; +} + +/* definition lists */ +dl { +} +dl > dt { + float: left; + margin-right: 1em; +} +/* +dl.nohang > dt { + float: none; +} +*/ +dl > dd { + margin-bottom: .8em; + min-height: 1.3em; +} +dl.compact > dd, .dlCompact > dd { + margin-bottom: 0em; +} +dl > dd > dl { + margin-top: 0.5em; + margin-bottom: 0em; +} + +/* links */ +a { + text-decoration: none; +} +a[href] { + color: #22e; /* Arlen: WCAG 2019 */ +} +a[href]:hover { + background-color: #f2f2f2; +} +figcaption a[href], +a[href].selfRef { + color: #222; +} +/* XXX probably not this: +a.selfRef:hover { + background-color: transparent; + cursor: default; +} */ + +/* Figures */ +tt, code, pre, code { + background-color: #f9f9f9; + font-family: 'Roboto Mono', monospace; +} +pre { + border: 1px solid #eee; + margin: 0; + padding: 1em; +} +img { + max-width: 100%; +} +figure { + margin: 0; +} +figure blockquote { + margin: 0.8em 0.4em 0.4em; +} +figcaption { + font-style: italic; + margin: 0 0 1em 0; +} +@media screen { + pre { + overflow-x: auto; + max-width: 100%; + max-width: calc(100% - 22px); + } +} + +/* aside, blockquote */ +aside, blockquote { + margin-left: 0; + padding: 1.2em 
2em; +} +blockquote { + background-color: #f9f9f9; + color: #111; /* Arlen: WCAG 2019 */ + border: 1px solid #ddd; + border-radius: 3px; + margin: 1em 0; +} +cite { + display: block; + text-align: right; + font-style: italic; +} + +/* tables */ +table { + width: 100%; + margin: 0 0 1em; + border-collapse: collapse; + border: 1px solid #eee; +} +th, td { + text-align: left; + vertical-align: top; + padding: 0.5em 0.75em; +} +th { + text-align: left; + background-color: #e9e9e9; +} +tr:nth-child(2n+1) > td { + background-color: #f5f5f5; +} +table caption { + font-style: italic; + margin: 0; + padding: 0; + text-align: left; +} +table p { + /* XXX to avoid bottom margin on table row signifiers. If paragraphs should + be allowed within tables more generally, it would be far better to select on a class. */ + margin: 0; +} + +/* pilcrow */ +a.pilcrow { + color: #666; /* Arlen: AHDJ 2019 */ + text-decoration: none; + visibility: hidden; + user-select: none; + -ms-user-select: none; + -o-user-select:none; + -moz-user-select: none; + -khtml-user-select: none; + -webkit-user-select: none; + -webkit-touch-callout: none; +} +@media screen { + aside:hover > a.pilcrow, + p:hover > a.pilcrow, + blockquote:hover > a.pilcrow, + div:hover > a.pilcrow, + li:hover > a.pilcrow, + pre:hover > a.pilcrow { + visibility: visible; + } + a.pilcrow:hover { + background-color: transparent; + } +} + +/* misc */ +hr { + border: 0; + border-top: 1px solid #eee; +} +.bcp14 { + font-variant: small-caps; +} + +.role { + font-variant: all-small-caps; +} + +/* info block */ +#identifiers { + margin: 0; + font-size: 0.9em; +} +#identifiers dt { + width: 3em; + clear: left; +} +#identifiers dd { + float: left; + margin-bottom: 0; +} +#identifiers .authors .author { + display: inline-block; + margin-right: 1.5em; +} +#identifiers .authors .org { + font-style: italic; +} + +/* The prepared/rendered info at the very bottom of the page */ +.docInfo { + color: #666; /* Arlen: WCAG 2019 */ + font-size: 0.9em; 
+ font-style: italic; + margin-top: 2em; +} +.docInfo .prepared { + float: left; +} +.docInfo .prepared { + float: right; +} + +/* table of contents */ +#toc { + padding: 0.75em 0 2em 0; + margin-bottom: 1em; +} +nav.toc ul { + margin: 0 0.5em 0 0; + padding: 0; + list-style: none; +} +nav.toc li { + line-height: 1.3em; + margin: 0.75em 0; + padding-left: 1.2em; + text-indent: -1.2em; +} +/* references */ +.references dt { + text-align: right; + font-weight: bold; + min-width: 7em; +} +.references dd { + margin-left: 8em; + overflow: auto; +} + +.refInstance { + margin-bottom: 1.25em; +} + +.references .ascii { + margin-bottom: 0.25em; +} + +/* index */ +.index ul { + margin: 0 0 0 1em; + padding: 0; + list-style: none; +} +.index ul ul { + margin: 0; +} +.index li { + margin: 0; + text-indent: -2em; + padding-left: 2em; + padding-bottom: 5px; +} +.indexIndex { + margin: 0.5em 0 1em; +} +.index a { + font-weight: 700; +} +/* make the index two-column on all but the smallest screens */ +@media (min-width: 600px) { + .index ul { + -moz-column-count: 2; + -moz-column-gap: 20px; + } + .index ul ul { + -moz-column-count: 1; + -moz-column-gap: 0; + } +} + +/* authors */ +address.vcard { + font-style: normal; + margin: 1em 0; +} + +address.vcard .nameRole { + font-weight: 700; + margin-left: 0; +} +address.vcard .label { + font-family: "Noto Sans",Arial,Helvetica,sans-serif; + margin: 0.5em 0; +} +address.vcard .type { + display: none; +} +.alternative-contact { + margin: 1.5em 0 1em; +} +hr.addr { + border-top: 1px dashed; + margin: 0; + color: #ddd; + max-width: calc(100% - 16px); +} + +/* temporary notes */ +.rfcEditorRemove::before { + position: absolute; + top: 0.2em; + right: 0.2em; + padding: 0.2em; + content: "The RFC Editor will remove this note"; + color: #9e2a00; /* Arlen: WCAG 2019 */ + background-color: #ffd; /* Arlen: WCAG 2019 */ +} +.rfcEditorRemove { + position: relative; + padding-top: 1.8em; + background-color: #ffd; /* Arlen: WCAG 2019 */ + 
border-radius: 3px; +} +.cref { + background-color: #ffd; /* Arlen: WCAG 2019 */ + padding: 2px 4px; +} +.crefSource { + font-style: italic; +} +/* alternative layout for smaller screens */ +@media screen and (max-width: 1023px) { + body { + padding-top: 2em; + } + #title { + padding: 1em 0; + } + h1 { + font-size: 24px; + } + h2 { + font-size: 20px; + margin-top: -18px; /* provide offset for in-page anchors */ + padding-top: 38px; + } + #identifiers dd { + max-width: 60%; + } + #toc { + position: fixed; + z-index: 2; + top: 0; + right: 0; + padding: 0; + margin: 0; + background-color: inherit; + border-bottom: 1px solid #ccc; + } + #toc h2 { + margin: -1px 0 0 0; + padding: 4px 0 4px 6px; + padding-right: 1em; + min-width: 190px; + font-size: 1.1em; + text-align: right; + background-color: #444; + color: white; + cursor: pointer; + } + #toc h2::before { /* css hamburger */ + float: right; + position: relative; + width: 1em; + height: 1px; + left: -164px; + margin: 6px 0 0 0; + background: white none repeat scroll 0 0; + box-shadow: 0 4px 0 0 white, 0 8px 0 0 white; + content: ""; + } + #toc nav { + display: none; + padding: 0.5em 1em 1em; + overflow: auto; + height: calc(100vh - 48px); + border-left: 1px solid #ddd; + } +} + +/* alternative layout for wide screens */ +@media screen and (min-width: 1024px) { + body { + max-width: 724px; + margin: 42px auto; + padding-left: 1.5em; + padding-right: 29em; + } + #toc { + position: fixed; + top: 42px; + right: 42px; + width: 25%; + margin: 0; + padding: 0 1em; + z-index: 1; + } + #toc h2 { + border-top: none; + border-bottom: 1px solid #ddd; + font-size: 1em; + font-weight: normal; + margin: 0; + padding: 0.25em 1em 1em 0; + } + #toc nav { + display: block; + height: calc(90vh - 84px); + bottom: 0; + padding: 0.5em 0 0; + overflow: auto; + } + img { /* future proofing */ + max-width: 100%; + height: auto; + } +} + +/* pagination */ +@media print { + body { + + width: 100%; + } + p { + orphans: 3; + widows: 3; + } + 
#n-copyright-notice { + border-bottom: none; + } + #toc, #n-introduction { + page-break-before: always; + } + #toc { + border-top: none; + padding-top: 0; + } + figure, pre { + page-break-inside: avoid; + } + figure { + overflow: scroll; + } + h1, h2, h3, h4, h5, h6 { + page-break-after: avoid; + } + h2+*, h3+*, h4+*, h5+*, h6+* { + page-break-before: avoid; + } + pre { + white-space: pre-wrap; + word-wrap: break-word; + font-size: 10pt; + } + table { + border: 1px solid #ddd; + } + td { + border-top: 1px solid #ddd; + } +} + +/* This is commented out here, as the string-set: doesn't + pass W3C validation currently */ +/* +.ears thead .left { + string-set: ears-top-left content(); +} + +.ears thead .center { + string-set: ears-top-center content(); +} + +.ears thead .right { + string-set: ears-top-right content(); +} + +.ears tfoot .left { + string-set: ears-bottom-left content(); +} + +.ears tfoot .center { + string-set: ears-bottom-center content(); +} + +.ears tfoot .right { + string-set: ears-bottom-right content(); +} +*/ + +@page :first { + padding-top: 0; + @top-left { + content: normal; + border: none; + } + @top-center { + content: normal; + border: none; + } + @top-right { + content: normal; + border: none; + } +} + +@page { + size: A4; + margin-bottom: 45mm; + padding-top: 20px; + /* The follwing is commented out here, but set appropriately by in code, as + the content depends on the document */ + /* + @top-left { + content: 'Internet-Draft'; + vertical-align: bottom; + border-bottom: solid 1px #ccc; + } + @top-left { + content: string(ears-top-left); + vertical-align: bottom; + border-bottom: solid 1px #ccc; + } + @top-center { + content: string(ears-top-center); + vertical-align: bottom; + border-bottom: solid 1px #ccc; + } + @top-right { + content: string(ears-top-right); + vertical-align: bottom; + border-bottom: solid 1px #ccc; + } + @bottom-left { + content: string(ears-bottom-left); + vertical-align: top; + border-top: solid 1px #ccc; + } + 
@bottom-center { + content: string(ears-bottom-center); + vertical-align: top; + border-top: solid 1px #ccc; + } + @bottom-right { + content: '[Page ' counter(page) ']'; + vertical-align: top; + border-top: solid 1px #ccc; + } + */ + +} + +/* Changes introduced to fix issues found during implementation */ +/* Make sure links are clickable even if overlapped by following H* */ +a { + z-index: 2; +} +/* Separate body from document info even without intervening H1 */ +section { + clear: both; +} + + +/* Top align author divs, to avoid names without organization dropping level with org names */ +.author { + vertical-align: top; +} + +/* Leave room in document info to show Internet-Draft on one line */ +#identifiers dt { + width: 8em; +} + +/* Don't waste quite as much whitespace between label and value in doc info */ +#identifiers dd { + margin-left: 1em; +} + +/* Give floating toc a background color (needed when it's a div inside section */ +#toc { + background-color: white; +} + +/* Make the collapsed ToC header render white on gray also when it's a link */ +@media screen and (max-width: 1023px) { + #toc h2 a, + #toc h2 a:link, + #toc h2 a:focus, + #toc h2 a:hover, + #toc a.toplink, + #toc a.toplink:hover { + color: white; + background-color: #444; + text-decoration: none; + } +} + +/* Give the bottom of the ToC some whitespace */ +@media screen and (min-width: 1024px) { + #toc { + padding: 0 0 1em 1em; + } +} + +/* Style section numbers with more space between number and title */ +.section-number { + padding-right: 0.5em; +} + +/* prevent monospace from becoming overly large */ +tt, code, pre, code { + font-size: 95%; +} + +/* Fix the height/width aspect for ascii art*/ +pre.sourcecode, +.art-text pre { + line-height: 1.12; +} + + +/* Add styling for a link in the ToC that points to the top of the document */ +a.toplink { + float: right; + margin-right: 0.5em; +} + +/* Fix the dl styling to match the RFC 7992 attributes */ +dl > dt, +dl.dlParallel > dt { + float: 
left; + margin-right: 1em; +} +dl.dlNewline > dt { + float: none; +} + +/* Provide styling for table cell text alignment */ +table td.text-left, +table th.text-left { + text-align: left; +} +table td.text-center, +table th.text-center { + text-align: center; +} +table td.text-right, +table th.text-right { + text-align: right; +} + +/* Make the alternative author contact informatio look less like just another + author, and group it closer with the primary author contact information */ +.alternative-contact { + margin: 0.5em 0 0.25em 0; +} +address .non-ascii { + margin: 0 0 0 2em; +} + +/* With it being possible to set tables with alignment + left, center, and right, { width: 100%; } does not make sense */ +table { + width: auto; +} + +/* Avoid reference text that sits in a block with very wide left margin, + because of a long floating dt label.*/ +.references dd { + overflow: visible; +} + +/* Control caption placement */ +caption { + caption-side: bottom; +} + +/* Limit the width of the author address vcard, so names in right-to-left + script don't end up on the other side of the page. */ + +address.vcard { + max-width: 30em; + margin-right: auto; +} + +/* For address alignment dependent on LTR or RTL scripts */ +address div.left { + text-align: left; +} +address div.right { + text-align: right; +} + +/* Provide table alignment support. We can't use the alignX classes above + since they do unwanted things with caption and other styling. 
*/ +table.right { + margin-left: auto; + margin-right: 0; +} +table.center { + margin-left: auto; + margin-right: auto; +} +table.left { + margin-left: 0; + margin-right: auto; +} + +/* Give the table caption label the same styling as the figcaption */ +caption a[href] { + color: #222; +} + +@media print { + .toplink { + display: none; + } + + /* avoid overwriting the top border line with the ToC header */ + #toc { + padding-top: 1px; + } + + /* Avoid page breaks inside dl and author address entries */ + dd { + page-break-before: avoid; + } + .vcard { + page-break-inside: avoid; + } + +} +/* Avoid wrapping of URLs in references */ +.references a { + white-space: nowrap; +} +/* Tweak the bcp14 keyword presentation */ +.bcp14 { + font-variant: small-caps; + font-weight: bold; + font-size: 0.9em; +} +/* Tweak the invisible space above H* in order not to overlay links in text above */ + h2 { + margin-top: -18px; /* provide offset for in-page anchors */ + padding-top: 31px; + } + h3 { + margin-top: -18px; /* provide offset for in-page anchors */ + padding-top: 24px; + } + h4 { + margin-top: -18px; /* provide offset for in-page anchors */ + padding-top: 24px; + } +/* Float artwork pilcrow to the right */ +.artwork a.pilcrow { + display: block; + line-height: 0.7; + margin-top: 0.15em; +} +/* Make pilcrows on dd visible */ +@media screen { + dd:hover > a.pilcrow { + visibility: visible; + } +} +/* Make the placement of figcaption match that of a table's caption + by removing the figure's added bottom margin */ +.alignLeft.art-text, +.alignCenter.art-text, +.alignRight.art-text { + margin-bottom: 0; +} +.alignLeft, +.alignCenter, +.alignRight { + margin: 1em 0 0 0; +} +</style> +<link href="rfc-local.css" type="text/css" rel="stylesheet"> +</head> +<body> +<script> +async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(let t=0;t<e.length;t++)if(/#identifiers/.exec(e[t].selectorText)){const 
a=e[t].cssText.replace("#identifiers","#metadata");document.styleSheets[0].insertRule(a,document.styleSheets[0].cssRules.length)}}catch(e){console.log(e)}const e=document.getElementById("metadata");if(e){e.style.background="#eee";try{var t;t=document.URL.indexOf("html")>=0?document.URL.replace(/html$/,"json"):document.URL+".json";const o=await fetch(t),s=(await o.json())[0],r="",d="https://datatracker.ietf.org/doc",l="https://datatracker.ietf.org/ipr/search",c="https://www.rfc-editor.org/info",n=s.doc_id.toLowerCase(),i=s.doc_id.slice(0,3).toLowerCase(),f=s.doc_id.slice(3).replace(/^0+/,""),h={status:"Status",obsoletes:"Obsoletes",obsoleted_by:"Obsoleted By",updates:"Updates",updated_by:"Updated By",see_also:"See Also",errata_url:"Errata"};let u="<dl style='overflow:hidden'>";["status","obsoletes","obsoleted_by","updates","updated_by","see_also","errata_url"].forEach(e=>{if("status"==e){s[e]=s[e].toLowerCase();var t=s[e].split(" ");sLen=t.length;var o="",p=1;for(let e=0;e<sLen;e++)p<sLen?o=o+a(t[e])+" ":o+=a(t[e]),p++;s[e]=o}else if("obsoletes"==e||"obsoleted_by"==e||"updates"==e||"updated_by"==e){var b,g="",y=1;b=s[e].length;for(let t=0;t<b;t++)s[e][t]&&(s[e][t]=String(s[e][t]).toLowerCase(),g=y<b?g+"<a href='"+r+"/rfc/".concat(s[e][t])+"'>"+s[e][t].slice(3)+"</a>, ":g+"<a href='"+r+"/rfc/".concat(s[e][t])+"'>"+s[e][t].slice(3)+"</a>",y++);s[e]=g}else if("see_also"==e){var m,w="",L=1;m=s[e].length;for(let t=0;t<m;t++)if(s[e][t]){s[e][t]=String(s[e][t]);var _=s[e][t].slice(0,3),v=s[e][t].slice(3).replace(/^0+/,"");w=L<m?w+"<a href='"+r+"/"+_.toLowerCase()+"/".concat(v.toLowierCase())+"'>"+_+" "+v+"</a>, ":w+"<a href='"+r+"/"+_.toLowerCase()+"/".concat(v.toLowerCase())+"'>"+_+" "+v+"</a>",L++}s[e]=w}else if("errata_url"==e){var C="";C=s[e]?C+"<a href='"+s[e]+"'>Errata exist</a>, <a href='"+d+"/"+n+"'>Datatracker</a>, <a href='"+l+"/?"+i+"="+f+"&submit="+i+"'>IPR</a>, <a href='"+c+"/"+n+"'>Info page</a>":"<a href='"+d+"/"+n+"'>Datatracker</a>, <a 
href='"+l+"/?"+i+"="+f+"&submit="+i+"'>IPR</a>, <a href='"+c+"/"+n+"'>Info page</a>",s[e]=C}""!=s[e]?"Errata"==h[e]?u+=`<dt>More info:</dt><dd>${s[e]}</dd>`:u+=`<dt>${h[e]}:</dt><dd>${s[e]}</dd>`:"Errata"==h[e]&&(u+=`<dt>More info:</dt><dd>${s[e]}</dd>`)}),u+="</dl>",e.innerHTML=u}catch(e){console.log(e)}}else console.log("Could not locate metadata <div> element");function a(e){return e.charAt(0).toUpperCase()+e.slice(1)}}window.addEventListener("load",addMetadata);</script> +<script src="metadata.min.js"></script> +<table class="ears"> +<thead><tr> +<td class="left">Internet-Draft</td> +<td class="center">The GNU Name System</td> +<td class="right">July 2019</td> +</tr></thead> +<tfoot><tr> +<td class="left">Schanzenbach</td> +<td class="center">Expires 24 January 2020</td> +<td class="right">[Page]</td> +</tr></tfoot> +</table> +<div class="document-information"> +<dl id="identifiers"> +<dt class="label-workgroup">Workgroup:</dt> +<dd class="workgroup">Independent Stream</dd> +<dt class="label-internet-draft">Internet-Draft:</dt> +<dd class="internet-draft">draft-schanzen-gns-00</dd> +<dt class="label-published">Published:</dt> +<dd class="published"> +<time datetime="2019-07-23" class="published">23 July 2019</time> + </dd> +<dt class="label-intended-status">Intended Status:</dt> +<dd class="intended-status">Informational</dd> +<dt class="label-expires">Expires:</dt> +<dd class="expires"><time datetime="2020-01-24">24 January 2020</time></dd> +<dt class="label-authors">Author:</dt> +<dd class="authors"> +<div class="author"> + <div class="author-name">M.S. 
Schanzenbach</div> +<div class="org">GNUnet e.V.</div> +</div> +</dd> +</dl> +</div> +<h1 id="title"> + The GNU Name System Specification + </h1> +<section id="section-abstract"> + <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2> +<p id="section-abstract-1">This document contains the GNU Name System (GNS) technical specification.<a href="#section-abstract-1" class="pilcrow">¶</a></p> +</section> +<div id="status-of-memo"> +<section id="section-boilerplate.1"> + <h2 id="name-status-of-this-memo"> +<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a> + </h2> +<p id="section-boilerplate.1-1"> + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p> +<p id="section-boilerplate.1-2"> + Internet-Drafts are working documents of the Internet Engineering Task + Force (IETF). Note that other groups may also distribute working + documents as Internet-Drafts. The list of current Internet-Drafts is + at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p> +<p id="section-boilerplate.1-3"> + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. 
It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p> +<p id="section-boilerplate.1-4"> + This Internet-Draft will expire on 24 January 2020.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p> +</section> +</div> +<div id="copyright"> +<section id="section-boilerplate.2"> + <h2 id="name-copyright-notice"> +<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a> + </h2> +<p id="section-boilerplate.2-1"> + Copyright (c) 2019 IETF Trust and the persons identified as the + document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p> +<p id="section-boilerplate.2-2"> + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with + respect to this document. Code Components extracted from this + document must include Simplified BSD License text as described in + Section 4.e of the Trust Legal Provisions and are provided without + warranty as described in the Simplified BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p> +</section> +</div> +<div id="toc"> +<section id="section-boilerplate.3"> + <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents"> +<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a> + </h2> +<nav class="toc"><ul class="toc ulEmpty"> +<li class="toc ulEmpty" id="section-boilerplate.3-1.1"> + <p id="section-boilerplate.3-1.1.1"><a href="#section-1" class="xref">1</a>.  
<a href="#name-introduction" class="xref">Introduction</a><a href="#section-boilerplate.3-1.1.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.2"> + <p id="section-boilerplate.3-1.2.1"><a href="#section-2" class="xref">2</a>.  <a href="#name-zones" class="xref">Zones</a><a href="#section-boilerplate.3-1.2.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.3"> + <p id="section-boilerplate.3-1.3.1"><a href="#section-3" class="xref">3</a>.  <a href="#name-resource-records" class="xref">Resource records</a><a href="#section-boilerplate.3-1.3.1" class="pilcrow">¶</a></p> +<ul class="toc ulEmpty"> +<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.1"> + <p id="section-boilerplate.3-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>.  <a href="#name-flags" class="xref">Flags</a><a href="#section-boilerplate.3-1.3.2.1.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.2"> + <p id="section-boilerplate.3-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>.  <a href="#name-gns-resource-record-types" class="xref">GNS resource record types</a><a href="#section-boilerplate.3-1.3.2.2.1" class="pilcrow">¶</a></p> +</li> + </ul> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.4"> + <p id="section-boilerplate.3-1.4.1"><a href="#section-4" class="xref">4</a>.  <a href="#name-publishing-records" class="xref">Publishing records</a><a href="#section-boilerplate.3-1.4.1" class="pilcrow">¶</a></p> +<ul class="toc ulEmpty"> +<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1"> + <p id="section-boilerplate.3-1.4.2.1.1"><a href="#section-4.1" class="xref">4.1</a>.  
<a href="#name-resource-records-block" class="xref">Resource records block</a><a href="#section-boilerplate.3-1.4.2.1.1" class="pilcrow">¶</a></p> +<ul class="toc ulEmpty"> +<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1.2.1"> + <p id="section-boilerplate.3-1.4.2.1.2.1.1"><a href="#section-4.1.1" class="xref">4.1.1</a>.  <a href="#name-block-data-encryption" class="xref">Block data encryption</a><a href="#section-boilerplate.3-1.4.2.1.2.1.1" class="pilcrow">¶</a></p> +</li> + </ul> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.2"> + <p id="section-boilerplate.3-1.4.2.2.1"><a href="#section-4.2" class="xref">4.2</a>.  <a href="#name-internationalization-and-ch" class="xref">Internationalization and Character Encoding</a><a href="#section-boilerplate.3-1.4.2.2.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.3"> + <p id="section-boilerplate.3-1.4.2.3.1"><a href="#section-4.3" class="xref">4.3</a>.  <a href="#name-security-considerations" class="xref">Security Considerations</a><a href="#section-boilerplate.3-1.4.2.3.1" class="pilcrow">¶</a></p> +</li> + </ul> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.5"> + <p id="section-boilerplate.3-1.5.1"><a href="#section-5" class="xref">5</a>.  <a href="#name-record-resolution" class="xref">Record Resolution</a><a href="#section-boilerplate.3-1.5.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.6"> + <p id="section-boilerplate.3-1.6.1"><a href="#section-6" class="xref">6</a>.  <a href="#name-namespace-revocation" class="xref">Namespace Revocation</a><a href="#section-boilerplate.3-1.6.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.7"> + <p id="section-boilerplate.3-1.7.1"><a href="#section-7" class="xref">7</a>.  
<a href="#name-iana-considerations" class="xref">IANA Considerations</a><a href="#section-boilerplate.3-1.7.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.8"> + <p id="section-boilerplate.3-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-normative-references" class="xref">Normative References</a><a href="#section-boilerplate.3-1.8.1" class="pilcrow">¶</a></p> +</li> + <li class="toc ulEmpty" id="section-boilerplate.3-1.9"> + <p id="section-boilerplate.3-1.9.1"><a href="#section-appendix.a" class="xref"></a>  <a href="#name-authors-address" class="xref">Author's Address</a><a href="#section-boilerplate.3-1.9.1" class="pilcrow">¶</a></p> +</li> + </ul> +</nav> +</section> +</div> +<div id="introduction"> +<section id="section-1"> + <h2 id="name-introduction"> +<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a> + </h2> +<p id="section-1-1"> + This document contains the GNU Name System (GNS) technical specification + for secure, censorship-resistant and decentralised name resolution.<a href="#section-1-1" class="pilcrow">¶</a></p> +<p id="section-1-2"> + This document defines the normative wire format of resource records, resolution processes, + cryptographic routines and security considerations for use by implementors.<a href="#section-1-2" class="pilcrow">¶</a></p> +<p id="section-1-3"><a href="#section-1-3" class="pilcrow">¶</a></p> +</section> +</div> +<div id="zones"> +<section id="section-2"> + <h2 id="name-zones"> +<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-zones" class="section-name selfRef">Zones</a> + </h2> +<p id="section-2-1"> + A zone in GNS is defined by a public/private ECC key pair (x,y), where x + is the private key and y the public key. + The keys are constructed using the Curve25519 ECC scheme as defined in + <span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span>. 
+ The schemes defines that "y := x*P" where "P" is the generator of the + respective elliptic curve. + The public key "y" is used to uniquely identify and refer to the zone. + Records published in the zone are signed using a private key derived + from the private key "d" as described in <a href="#publish" class="xref">Section 4</a>.<a href="#section-2-1" class="pilcrow">¶</a></p> +</section> +</div> +<div id="rrecords"> +<section id="section-3"> + <h2 id="name-resource-records"> +<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-resource-records" class="section-name selfRef">Resource records</a> + </h2> +<p id="section-3-1"> + A GNS resource record holds the data of a specific record in a zone. + The resource record wire format is defined as follows:<a href="#section-3-1" class="pilcrow">¶</a></p> +<div id="figure_gnsrecord"> +<figure id="figure-1"> + <div class="artwork art-text alignLeft" id="section-3-2.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | EXPIRATION | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | DATA SIZE | TYPE | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | FLAGS | DATA | + +-----+-----+-----+-----+ | + / / + / / + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-1" class="selfRef">Figure 1</a></figcaption></figure> +</div> +<p id="section-3-3">where:<a href="#section-3-3" class="pilcrow">¶</a></p> +<dl class="dlParallel" id="section-3-4"> + <dt id="section-3-4.1">EXPIRATION</dt> + <dd id="section-3-4.2"> + Denotes the absolute expiration date of the record. 
+ In microseconds since midnight (0 hour), January 1, 1970 in network + byte order.<a href="#section-3-4.2" class="pilcrow">¶</a> +</dd> + <dt id="section-3-4.3">DATA SIZE</dt> + <dd id="section-3-4.4"> + The resource record data length in bytes and network byte order.<a href="#section-3-4.4" class="pilcrow">¶</a> +</dd> + <dt id="section-3-4.5">TYPE</dt> + <dd id="section-3-4.6"> + The resource record type. This type can be one of the GNS resource + records as defined in <a href="#gnsrecords" class="xref">Section 3.2</a> or a DNS record + type as defined in <span>[<a href="#RFC1035" class="xref">RFC1035</a>]</span> or any of the + complementary standardized DNS resource record types.<a href="#section-3-4.6" class="pilcrow">¶</a> +</dd> + <dt id="section-3-4.7">FLAGS</dt> + <dd id="section-3-4.8"> + Resource record flags. Flags are defined in <a href="#flags" class="xref">Section 3.1</a>.<a href="#section-3-4.8" class="pilcrow">¶</a> +</dd> + <dt id="section-3-4.9">DATA</dt> + <dd id="section-3-4.10"> + The resource record data payload. The contents are defined by the + respective type of the resource record.<a href="#section-3-4.10" class="pilcrow">¶</a> +</dd> + </dl> +<div id="flags"> +<section id="section-3.1"> + <h3 id="name-flags"> +<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-flags" class="section-name selfRef">Flags</a> + </h3> +<p id="section-3.1-1">TODO flags<a href="#section-3.1-1" class="pilcrow">¶</a></p> +</section> +</div> +<div id="gnsrecords"> +<section id="section-3.2"> + <h3 id="name-gns-resource-record-types"> +<a href="#section-3.2" class="section-number selfRef">3.2. 
</a><a href="#name-gns-resource-record-types" class="section-name selfRef">GNS resource record types</a> + </h3> +<p id="section-3.2-1">The a PKEY DATA entry has the following format:<a href="#section-3.2-1" class="pilcrow">¶</a></p> +<div id="figure_pkeyrecord"> +<figure id="figure-2"> + <div class="artwork art-text alignLeft" id="section-3.2-2.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | PUBLIC KEY | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-2" class="selfRef">Figure 2</a></figcaption></figure> +</div> +</section> +</div> +</section> +</div> +<div id="publish"> +<section id="section-4"> + <h2 id="name-publishing-records"> +<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-publishing-records" class="section-name selfRef">Publishing records</a> + </h2> +<p id="section-4-1"> + GNS resource records are published in a distributed hash table (DHT). + Resource records are grouped by their respective labels and published + together in a single block in the DHT. + A resource records block is published under a key which is derived from + the respective label of the contained records. 
+ Given a label "l", the DHT key "q" is derived as follows:<a href="#section-4-1" class="pilcrow">¶</a></p> +<div class="artwork art-text alignLeft" id="section-4-2"> +<pre> + h := sha512 (l,y) + d := h*x mod p + q := sha512 (d*P) + </pre><a href="#section-4-2" class="pilcrow">¶</a> +</div> +<p id="section-4-3"> + where:<a href="#section-4-3" class="pilcrow">¶</a></p> +<dl class="dlParallel" id="section-4-4"> + <dt id="section-4-4.1">h</dt> + <dd id="section-4-4.2"> + is a SHA512 hash over the label "l" and public key "y".<a href="#section-4-4.2" class="pilcrow">¶</a> +</dd> + <dt id="section-4-4.3">d</dt> + <dd id="section-4-4.4"> + is a private key derived from the zone key x using the hash "h".<a href="#section-4-4.4" class="pilcrow">¶</a> +</dd> + <dt id="section-4-4.5">q</dt> + <dd id="section-4-4.6"> + Is the DHT key under which the resource records block is published. + It is the SHA512 hash over the public key "d*P" corresponding to the + derived private key "d".<a href="#section-4-4.6" class="pilcrow">¶</a> +</dd> + </dl> +<div id="wire"> +<section id="section-4.1"> + <h3 id="name-resource-records-block"> +<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-resource-records-block" class="section-name selfRef">Resource records block</a> + </h3> +<p id="section-4.1-1"> + GNS records are grouped by their labels are published as a single + block in the DHT. + The contained resource records are encrypted using a symmetric + encryption scheme. 
+ A GNS resource records block has the following format:<a href="#section-4.1-1" class="pilcrow">¶</a></p> +<div id="figure_record_block"> +<figure id="figure-3"> + <div class="artwork art-text alignLeft" id="section-4.1-2.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | SIGNATURE | + | | + | | + | | + | | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | PUBLIC KEY | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | BDATA SIZE | PURPOSE | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | EXPIRATION | + +-----+-----+-----+-----+-----+-----+-----+-----+ + / BDATA / + / / + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-3" class="selfRef">Figure 3</a></figcaption></figure> +</div> +<p id="section-4.1-3">where:<a href="#section-4.1-3" class="pilcrow">¶</a></p> +<dl class="dlParallel" id="section-4.1-4"> + <dt id="section-4.1-4.1">SIGNATURE</dt> + <dd id="section-4.1-4.2"> + A 512-bit ECDSA signature. This field contains a 512-bit ECDSA + signature over the data following the PUBLIC KEY field. + The signature is create using the derived private key "d".<a href="#section-4.1-4.2" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1-4.3">PUBLIC KEY</dt> + <dd id="section-4.1-4.4"> + The 256-bit ECC public key "d*P" to be used to verify SIGNATURE.<a href="#section-4.1-4.4" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1-4.5">BDATA SIZE</dt> + <dd id="section-4.1-4.6"> + A 32-bit value containing the length of the following data (PURPOSE, + EXPIRATION, BDATA) in network byte order.<a href="#section-4.1-4.6" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1-4.7">PURPOSE</dt> + <dd id="section-4.1-4.8"> + A 32-bit signature purpose flag. 
This field MUST be 15 (in network + byte order).<a href="#section-4.1-4.8" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1-4.9">EXPIRATION</dt> + <dd id="section-4.1-4.10"> + The resource records block expiration time. This is the expiration + time of the resource record contained within this block with the + smallest expiration time. + This is a 64-bit absolute date in microseconds since midnight + (0 hour), January 1, 1970 in network byte order.<a href="#section-4.1-4.10" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1-4.11">BDATA</dt> + <dd id="section-4.1-4.12"> + The encrypted resource records with a total size of "BDATA SIZE".<a href="#section-4.1-4.12" class="pilcrow">¶</a> +</dd> + </dl> +<section id="section-4.1.1"> + <h4 id="name-block-data-encryption"> +<a href="#section-4.1.1" class="section-number selfRef">4.1.1. </a><a href="#name-block-data-encryption" class="section-name selfRef">Block data encryption</a> + </h4> +<p id="section-4.1.1-1"> + Given a GNS record block a symmetric encryption scheme is used to + en-/decrypt "BDATA". The keys are derived from the record label "l" + and a public key "d*P", where "d" is an ECDSA private key and "P" + is the EC generator. "d" and "dG" are derived from the + public/private key pair "x,y" of a GNS zone. + Both "l" and "P" are implicity known by the GNS resolver. + The key material "K" and initialization vector "IV" + are derived as follows:<a href="#section-4.1.1-1" class="pilcrow">¶</a></p> +<div class="artwork art-text alignLeft" id="section-4.1.1-2"> +<pre> + h := HKDF ("key-derivation", l|y|"gns") + d := h*x mod p + K := HKDF (d*P, l|"gns-aes-ctx-key") + IV := HKDF (d*P, l|"gns-aes-ctx-iv") + </pre><a href="#section-4.1.1-2" class="pilcrow">¶</a> +</div> +<p id="section-4.1.1-3"> + "HKDF" is a hash-based key derivation function as defined in + <span>[<a href="#RFC5869" class="xref">RFC5869</a>]</span>. 
We use HMAC-SHA512 for the extraction + phase and HMAC-SHA256 for the expansion phase as proposed in + (paper). The first argument for HKDF is the salt and the second + argument is the concatenated, serialized source key material. + We divide the resulting 512-bit "K" into a 256-bit AES key "Kaes" + and a 256-bit TWOFISH key "Ktwo":<a href="#section-4.1.1-3" class="pilcrow">¶</a></p> +<div id="figure_hkdf_keys"> +<figure id="figure-4"> + <div class="artwork art-text alignLeft" id="section-4.1.1-4.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | AES KEY (Kaes) | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | TWOFISH KEY (Ktwo) | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-4" class="selfRef">Figure 4</a></figcaption></figure> +</div> +<p id="section-4.1.1-5"> + Similarly, we divide "IV" into a 128-bit initialization vector IVaes + and a 128-bit initialization vector IVtwo:<a href="#section-4.1.1-5" class="pilcrow">¶</a></p> +<div id="figure_hkdf_ivs"> +<figure id="figure-5"> + <div class="artwork art-text alignLeft" id="section-4.1.1-6.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | AES IV (IVaes) | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + | TWOFISH IV (IVtwo) | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-5" class="selfRef">Figure 5</a></figcaption></figure> +</div> +<p id="section-4.1.1-7"> + The symmetric keys and IVs are used for a AES+TWOFISH combined + cipher. 
Both ciphers are used in CFB (ref) mode.<a href="#section-4.1.1-7" class="pilcrow">¶</a></p> +<div class="artwork art-text alignLeft" id="section-4.1.1-8"> +<pre> + RDATA := AES(Kaes, IVaes, TWOFISH(Ktwo, IVtwo, BDATA)) + BDATA := TWOFISH(Ktwo, IVtwo, AES(Kaes, IVaes, RDATA)) + </pre><a href="#section-4.1.1-8" class="pilcrow">¶</a> +</div> +<p id="section-4.1.1-9"> + The decrypted RDATA has the following format:<a href="#section-4.1.1-9" class="pilcrow">¶</a></p> +<div id="figure_rdata"> +<figure id="figure-6"> + <div class="artwork art-text alignLeft" id="section-4.1.1-10.1"> +<pre> + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | RR COUNT | RRs | + +-----+-----+-----+-----+ / + / / + +-----+-----+-----+-----+-----+-----+-----+-----+ + </pre> +</div> +<figcaption><a href="#figure-6" class="selfRef">Figure 6</a></figcaption></figure> +</div> +<p id="section-4.1.1-11">where:<a href="#section-4.1.1-11" class="pilcrow">¶</a></p> +<dl class="dlParallel" id="section-4.1.1-12"> + <dt id="section-4.1.1-12.1">RR COUNT</dt> + <dd id="section-4.1.1-12.2"> + A 32-bit value containing the number of resource records which are + following.<a href="#section-4.1.1-12.2" class="pilcrow">¶</a> +</dd> + <dt id="section-4.1.1-12.3">RR</dt> + <dd id="section-4.1.1-12.4"> + A set of resoure records as defined in <a href="#rrecords" class="xref">Section 3</a>.<a href="#section-4.1.1-12.4" class="pilcrow">¶</a> +</dd> + </dl> +</section> +</section> +</div> +<div id="encoding"> +<section id="section-4.2"> + <h3 id="name-internationalization-and-ch"> +<a href="#section-4.2" class="section-number selfRef">4.2. 
</a><a href="#name-internationalization-and-ch" class="section-name selfRef">Internationalization and Character Encoding</a> + </h3> +<p id="section-4.2-1"> + TODO<a href="#section-4.2-1" class="pilcrow">¶</a></p> +</section> +</div> +<div id="security"> +<section id="section-4.3"> + <h3 id="name-security-considerations"> +<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a> + </h3> +<p id="section-4.3-1"> + TODO<a href="#section-4.3-1" class="pilcrow">¶</a></p> +</section> +</div> +</section> +</div> +<div id="resolution"> +<section id="section-5"> + <h2 id="name-record-resolution"> +<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-record-resolution" class="section-name selfRef">Record Resolution</a> + </h2> +<p id="section-5-1"> + TODO<a href="#section-5-1" class="pilcrow">¶</a></p> +</section> +</div> +<div id="revocation"> +<section id="section-6"> + <h2 id="name-namespace-revocation"> +<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-namespace-revocation" class="section-name selfRef">Namespace Revocation</a> + </h2> +<p id="section-6-1"> + TODO<a href="#section-6-1" class="pilcrow">¶</a></p> +</section> +</div> +<div id="iana"> +<section id="section-7"> + <h2 id="name-iana-considerations"> +<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a> + </h2> +<p id="section-7-1"> + This will be fun<a href="#section-7-1" class="pilcrow">¶</a></p> +</section> +</div> +<section id="section-8"> + <h2 id="name-normative-references"> +<a href="#section-8" class="section-number selfRef">8. 
</a><a href="#name-normative-references" class="section-name selfRef">Normative References</a> + </h2> +<dl class="references"> +<dt id="RFC1035">[RFC1035]</dt> + <dd> +<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain names - implementation and specification"</span>, <span class="seriesInfo">STD 13</span>, <span class="seriesInfo">RFC 1035</span>, <span class="seriesInfo">DOI 10.17487/RFC1035</span>, <time datetime="1987-11">November 1987</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc1035">https://www.rfc-editor.org/info/rfc1035</a>&gt;</span>. </dd> +<dt id="RFC5869">[RFC5869]</dt> + <dd> +<span class="refAuthor">Krawczyk, H.</span><span class="refAuthor"> and P. Eronen</span>, <span class="refTitle">" + HMAC-based Extract-and-Expand Key Derivation Function (HKDF) + "</span>, <span class="seriesInfo">RFC 5869</span>, <span class="seriesInfo">DOI 10.17487/RFC5869</span>, <time datetime="2010-05">May 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5869">https://www.rfc-editor.org/info/rfc5869</a>&gt;</span>. </dd> +<dt id="RFC7748">[RFC7748]</dt> + <dd> +<span class="refAuthor">Langley, A.</span><span class="refAuthor">, Hamburg, M.</span><span class="refAuthor">, and S. Turner</span>, <span class="refTitle">"Elliptic Curves for Security"</span>, <span class="seriesInfo">RFC 7748</span>, <span class="seriesInfo">DOI 10.17487/RFC7748</span>, <time datetime="2016-01">January 2016</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7748">https://www.rfc-editor.org/info/rfc7748</a>&gt;</span>. 
</dd> +</dl> +</section> +<div id="authors-addresses"> +<section id="section-appendix.a"> + <h2 id="name-authors-address"> +<a href="#name-authors-address" class="section-name selfRef">Author's Address</a> + </h2> +<address class="vcard"> + <div dir="auto" class="left"><span class="fn nameRole">Martin Schanzenbach</span></div> +<div dir="auto" class="left"><span class="org">GNUnet e.V.</span></div> +<div dir="auto" class="left"><span class="street-address">Boltzmannstrasse 3</span></div> +<div dir="auto" class="left"> +<span class="postal-code">85748</span> <span class="locality">Garching</span> +</div> +<div dir="auto" class="left"><span class="country-name">Germany</span></div> +<div class="email"> +<span>Email:</span> +<a href="mailto:schanzen@gnunet.org" class="email">schanzen@gnunet.org</a> +</div> +</address> +</section> +</div> +<script>var toc = document.getElementById("toc"); +var tocToggle = toc.querySelector("h2"); +var tocNav = toc.querySelector("nav"); + +// mobile menu toggle +tocToggle.onclick = function(event) { + if (window.innerWidth < 1024) { + var tocNavDisplay = tocNav.currentStyle ? tocNav.currentStyle.display : getComputedStyle(tocNav, null).display; + if (tocNavDisplay == "none") { + tocNav.style.display = "block"; + } else { + tocNav.style.display = "none"; + } + } +} + +// toc anchor scroll to anchor +tocNav.addEventListener("click", function (event) { + event.preventDefault(); + if (event.target.nodeName == 'A') { + if (window.innerWidth < 1024) { + tocNav.style.display = "none"; + } + var href = event.target.getAttribute("href"); + var anchorId = href.substr(1); + var anchor = document.getElementById(anchorId); + anchor.scrollIntoView(true); + window.history.pushState("","",href); + } +}); + +// switch toc mode when window resized +window.onresize = function () { + if (window.innerWidth < 1024) { + tocNav.style.display = "none"; + } else { + tocNav.style.display = "block"; + } +} +</script> +</body> +</html> 
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt @@ -92,9 +92,10 @@ Table of Contents A zone in GNS is defined by a public/private ECC key pair (x,y), where x is the private key and y the public key. The keys are constructed using the Curve25519 ECC scheme as defined in [RFC7748]. - The schemes defines that "y := x*P". The public key is used to - uniquely identify and refer to the zone. Records published in the - zone are signed using a private key derived from the private key as + The schemes defines that "y := x*P" where "P" is the generator of the + respective elliptic curve. The public key "y" is used to uniquely + identify and refer to the zone. Records published in the zone are + signed using a private key derived from the private key "d" as described in Section 4. 3. Resource records @@ -108,7 +109,6 @@ Table of Contents - Schanzenbach Expires 24 January 2020 [Page 2] Internet-Draft The GNU Name System July 2019 @@ -140,7 +140,8 @@ Internet-Draft The GNU Name System July 2019 TYPE The resource record type. This type can be one of the GNS resource records as defined in Section 3.2 or a DNS record type as - defined in [RFC1035]. + defined in [RFC1035] or any of the complementary standardized DNS + resource record types. FLAGS Resource record flags. Flags are defined in Section 3.1. @@ -155,13 +156,12 @@ Internet-Draft The GNU Name System July 2019 The a PKEY DATA entry has the following format: - 0 8 16 24 32 40 48 56 - +-----+-----+-----+-----+-----+-----+-----+-----+ - | PUBLIC KEY | - | | - | | - | | - +-----+-----+-----+-----+-----+-----+-----+-----+ + + + + + + @@ -170,6 +170,14 @@ Schanzenbach Expires 24 January 2020 [Page 3] Internet-Draft The GNU Name System July 2019 + 0 8 16 24 32 40 48 56 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | PUBLIC KEY | + | | + | | + | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + Figure 2 4. Publishing records 
@@ -213,14 +221,6 @@ Internet-Draft The GNU Name System July 2019 - - - - - - - - Schanzenbach Expires 24 January 2020 [Page 4] Internet-Draft The GNU Name System July 2019 @@ -289,21 +289,24 @@ Internet-Draft The GNU Name System July 2019 Given a GNS record block a symmetric encryption scheme is used to en-/decrypt "BDATA". The keys are derived from the record label "l" - and a public key "dG", where "d" is an ECDSA private key and "G" is a - EC generator. "d" and "dG" are derived from the public/private key - pair "x,P" of a GNS zone. Both "l" and "P" are implicity known by - the GNS resolver. The key material "K" and initialization vector + and a public key "d*P", where "d" is an ECDSA private key and "P" is + the EC generator. "d" and "dG" are derived from the public/private + key pair "x,y" of a GNS zone. Both "l" and "P" are implicity known + by the GNS resolver. The key material "K" and initialization vector "IV" are derived as follows: - h := sha512 (l,y) - d := h*x mod n - K := HKDF (dG,l,"gns-aes-ctx-key") - IV := HKDF (dG,l,"gns-aes-ctx-iv") + h := HKDF ("key-derivation", l|y|"gns") + d := h*x mod p + K := HKDF (d*P, l|"gns-aes-ctx-key") + IV := HKDF (d*P, l|"gns-aes-ctx-iv") "HKDF" is a hash-based key derivation function as defined in - [RFC5869]. For the XTR, we use HMAC-SHA512 and HMAC-SHA256 in PRF as - proposed in (paper). We divide "K" into a 256-bit AES key "Kaes" and - a 256-bit TWOFISH key "Ktwo". + [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC- + SHA256 for the expansion phase as proposed in (paper). The first + argument for HKDF is the salt and the second argument is the + concatenated, serialized source key material. We divide the + resulting 512-bit "K" into a 256-bit AES key "Kaes" and a 256-bit + TWOFISH key "Ktwo": 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ 
@@ -330,9 +333,6 @@ Internet-Draft The GNU Name System July 2019 - - - Schanzenbach Expires 24 January 2020 [Page 6] Internet-Draft The GNU Name System July 2019 diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -60,10 +60,11 @@ is the private key and y the public key. The keys are constructed using the Curve25519 ECC scheme as defined in <xref target="RFC7748" />. - The schemes defines that "y := x*P". - The public key is used to uniquely identify and refer to the zone. + The schemes defines that "y := x*P" where "P" is the generator of the + respective elliptic curve. + The public key "y" is used to uniquely identify and refer to the zone. Records published in the zone are signed using a private key derived - from the private key as described in <xref target="publish" />. + from the private key "d" as described in <xref target="publish" />. </t> </section> <section anchor="rrecords" numbered="true" toc="default"> @@ -105,7 +106,8 @@ <dd> The resource record type. This type can be one of the GNS resource records as defined in <xref target="gnsrecords" /> or a DNS record - type as defined in <xref target="RFC1035" />. + type as defined in <xref target="RFC1035" /> or any of the + complementary standardized DNS resource record types. </dd> <dt>FLAGS</dt> <dd> 
@@ -251,24 +253,27 @@ <t> Given a GNS record block a symmetric encryption scheme is used to en-/decrypt "BDATA". The keys are derived from the record label "l" - and a public key "dG", where "d" is an ECDSA private key and "G" - is a EC generator. "d" and "dG" are derived from the public/private - key pair "x,P" of a GNS zone. + and a public key "d*P", where "d" is an ECDSA private key and "P" + is the EC generator. "d" and "dG" are derived from the + public/private key pair "x,y" of a GNS zone. Both "l" and "P" are implicity known by the GNS resolver. The key material "K" and initialization vector "IV" are derived as follows: </t> <artwork name="" type="" align="left" alt=""><![CDATA[ - h := sha512 (l,y) - d := h*x mod n - K := HKDF (dG,l,"gns-aes-ctx-key") - IV := HKDF (dG,l,"gns-aes-ctx-iv") + h := HKDF ("key-derivation", l|y|"gns") + d := h*x mod p + K := HKDF (d*P, l|"gns-aes-ctx-key") + IV := HKDF (d*P, l|"gns-aes-ctx-iv") ]]></artwork> <t> "HKDF" is a hash-based key derivation function as defined in - <xref target="RFC5869" />. For the XTR, we use HMAC-SHA512 and - HMAC-SHA256 in PRF as proposed in (paper). We divide "K" into a - 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo". + <xref target="RFC5869" />. We use HMAC-SHA512 for the extraction + phase and HMAC-SHA256 for the expansion phase as proposed in + (paper). The first argument for HKDF is the salt and the second + argument is the concatenated, serialized source key material. + We divide the resulting 512-bit "K" into a 256-bit AES key "Kaes" + and a 256-bit TWOFISH key "Ktwo": </t> <figure anchor="figure_hkdf_keys"> <artwork name="" type="" align="left" alt=""><![CDATA[
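Review bot: draft-schanzen-gns.html is xml2rfc output (the `<meta content="xml2rfc 2.26.0" name="generator">` tag) and is 1588 lines of generated markup and CSS; committing it next to the source XML makes every future XML edit a three-file diff and buries the substantive change. Either drop it from the repository or regenerate it in a separate commit. Two content points in the rendered text need fixing in the XML: Section 4 derives the DHT key with `h := sha512 (l,y)` / `d := h*x mod p` / `q := sha512 (d*P)`, while Section 4.1.1 derives `h := HKDF ("key-derivation", l|y|"gns")` and `d := h*x mod p`, so the same symbols `h` and `d` are defined two different ways in one document and an implementation cannot tell which `d` signs the block and which one yields `q`; and in Section 4.1 "The signature is create using the derived private key" should read "created". The Section 4.1 SIGNATURE definition also says the signature covers "the data following the PUBLIC KEY field", which includes BDATA SIZE, so the 512-bit ECDSA signature is the only integrity check on the CFB-encrypted BDATA; stating that explicitly would make clear that a verifier must check the signature before decrypting.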
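Review bot: in draft-schanzen-gns.txt the change `- d := h*x mod n` to `+ d := h*x mod p` in the @@ -289 @@ hunk reverses what was the more plausible reduction: a scalar used to multiply the generator has to be reduced modulo the group order, and if `p` here is the Curve25519 field prime the derived `d` is not guaranteed to be a valid scalar and `d*P` becomes ambiguous between implementations. Define `p` (or restore `n`) in the XML source, since this file is regenerated from it; the same hunk also keeps the leftover `"d" and "dG" are derived` after renaming the generator from `G` to `P`, and still cites `(paper)` as a placeholder. The @@ -108 @@, @@ -155 @@ / @@ -170 @@, @@ -213 @@ and @@ -330 @@ hunks only move page-break whitespace and Figure 2 across a page boundary and are repagination noise from regenerating the text.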
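Review bot: the new Zones sentence in draft-schanzen-gns.xml, `signed using a private key derived from the private key "d"`, names the wrong key: in Section 4 `d` is the per-label derived key and `x` is the zone private key, so it should read "signed using a private key "d" derived from the zone private key "x"". While touching this paragraph, `The schemes defines that "y := x*P"` should be "The scheme defines", and since RFC 7748 specifies the X25519 Diffie-Hellman function and not a signature scheme, the text should say which curve and which signature algorithm the ECDSA signatures of Section 4.1 actually use.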
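Review bot: `or any of the complementary standardized DNS resource record types`, added to the TYPE definition in draft-schanzen-gns.xml, is not implementable as written because it names no registry, so an implementer cannot decide whether a given type number is valid. Point at the IANA "Domain Name System (DNS) Parameters" registry for RR TYPE numbers and state how GNS-specific type numbers avoid colliding with it; the IANA Considerations section, which currently reads "This will be fun", is where that belongs.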
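Review bot: the HKDF calls in the @@ -251 @@ hunk of draft-schanzen-gns.xml are underspecified for an implementer. RFC 5869 defines HKDF-Extract(salt, IKM) followed by HKDF-Expand(PRK, info, L); the new text states that the first argument is the salt and the second the serialized key material, but gives neither `info` nor the output length `L`, and `L` differs per call (Figure 4 needs a 512-bit `K`, Figure 5 a 256-bit `IV`, and `h` needs a length large enough to be reduced to a scalar). Also note that in `K := HKDF (d*P, l|"gns-aes-ctx-key")` the computed point `d*P` sits in the salt position while the public label and context string are passed as IKM, which inverts the usual RFC 5869 roles (IKM carries the keying material, salt and info the public context); if that is intentional, say so, otherwise swap them. Finally, `d := h*x mod p` replaces `mod n`: unless `p` is defined as the group order, reduce the scalar modulo the group order, and remove the stale `"d" and "dG" are derived` left from the `G` to `P` rename.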