commit bfd0bda0c47e8ed62e31fcfcfefb9b78f23c9320
parent 364f9dae52c3cf9007482caa28ef8e0ff858b2f3
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 20 Dec 2021 12:15:46 +0100
vpn update
Diffstat:
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -492,7 +492,6 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
regular records when resolving labels in local zones.
</dd>
</dl>
- </section>
<section anchor="gnsrecords_numbers" numbered="true" toc="default">
<name>Record Types</name>
<t>
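Review bot: The `</section>` removed just before `<section anchor="gnsrecords_numbers">` changes the nesting of the Record Types section, and the file stays balanced only because a later hunk of this patch adds a `</section>` before `<section anchor="publish">`. This restructures the document outline, which the commit message "vpn update" does not mention. Consider moving it to its own commit or describing it in the message, and check that references by section number still read correctly now that these `numbered="true"` sections sit one level deeper.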
@@ -668,7 +667,6 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
</figure>
<t>The Block Counter Wire Format.</t>
</section>
-
<section anchor="gnsrecords_edkey" numbered="true" toc="default">
<name>EDKEY</name>
<t>
@@ -1068,6 +1066,14 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
<section anchor="gnsrecords_vpn" numbered="true" toc="default">
<name>VPN</name>
<t>
+ The GNUnet Virtual Public Network <xref target="GNUnet"/> can
+ establish a tunnel between two peers in the peer-to-peer network.
+ In order to facilitate the use of such tunnels, the
+ VPN record allows resolvers to automatically initiate its establishment
+ and provide IP address information in the resolution process as
+ specified in <xref target="resolution"/>.
+ </t>
+ <t>
A VPN DATA entry wire format is illustrated in
<xref target="figure_vpnrecord"/>.
</t>
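Review bot: In the added paragraph, "allows resolvers to automatically initiate its establishment" names no condition under which a resolver may decline to open a tunnel, although the trigger is record data obtained during resolution. Consider stating whether tunnel setup is subject to local policy or configuration. The `<xref target="resolution"/>` could also be narrowed to `vpn_processing`, the anchor another hunk of this patch uses for the conversion step, so the reader lands on the rule that applies.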
@@ -1111,6 +1117,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
</dl>
</section>
</section>
+ </section>
<section anchor="publish" numbered="true" toc="default">
<name>Record Storage</name>
<t>
@@ -1496,8 +1503,8 @@ example.com = zk2
for the record type SHOULD be considered. If a VPN record is found
and the client requests an A or AAAA record, the VPN record
SHOULD be converted (<xref target="vpn_processing" />)
- if possible.
- </li>
+ if possible.
+ </li>
</ol>
<section anchor="delegation_processing" numbered="true" toc="default">
<name>Encountering Zone Delegation Records</name>
@@ -1629,8 +1636,9 @@ example.com = zk2
open a tunnel and return the IPv4 or IPv6 tunnel address,
respectively.
The type of tunnel depends on the contents of the VPN record data.
- The VPN record MUST be returned if the resolver implementation
- does not support setting up a tunnnel.
+ If the implementation does not have the capacity to establish
+ a VPN tunnel, for example because it is not connected to the GNUnet
+ network, the record set MUST be returned as retrieved from the network.
</t>
</section>
<section anchor="nick_processing" numbered="true" toc="default">
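Review bot: The new sentence gives "not connected to the GNUnet network" as the example condition and then requires the record set to be returned "as retrieved from the network", so "network" carries two meanings inside one MUST. Name the source of the records explicitly instead. The wording also widens the old "The VPN record MUST be returned" to the whole record set. Since the surrounding text covers returning an IPv4 or IPv6 tunnel address, say whether other record types in the set are passed to the client as well, and what the resolver returns when a tunnel is attempted but fails, which "does not have the capacity" does not clearly cover.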