commit ca5614d7f6b1213c94dade53a251511da5a00985
parent 1e4f9902a4c03d8b5f40d189f590c5ad0155ffd9
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Thu, 13 Feb 2020 19:23:45 +0100
add concept of supplemental records
Diffstat:
3 files changed, 394 insertions(+), 304 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
@@ -4,18 +4,17 @@
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
-<title>
- The GNU Name System Specification
- </title>
+<title>The GNU Name System Specification</title>
<meta content="Martin Schanzenbach" name="author">
<meta content="Christian Grothoff" name="author">
<meta content="Bernd Fix" name="author">
<meta content="
This document contains the GNU Name System (GNS) technical specification.
" name="description">
-<meta content="xml2rfc 2.26.0" name="generator">
+<meta content="xml2rfc 2.39.0" name="generator">
<meta content="name systems" name="keyword">
-<link href="draft-schanzen-gns.xml" type="application/rfc+xml" rel="alternate">
+<meta content="draft-schanzen-gns-00" name="ietf.draft">
+<link href="draft-schanzen-gns.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*
@@ -911,17 +910,16 @@ caption a[href] {
}
/* Avoid page breaks inside dl and author address entries */
- dd {
- page-break-before: avoid;
- }
.vcard {
page-break-inside: avoid;
}
}
/* Avoid wrapping of URLs in references */
-.references a {
- white-space: nowrap;
+@media screen {
+ .references a {
+ white-space: nowrap;
+ }
}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
@@ -943,10 +941,12 @@ caption a[href] {
padding-top: 24px;
}
/* Float artwork pilcrow to the right */
-.artwork a.pilcrow {
- display: block;
- line-height: 0.7;
- margin-top: 0.15em;
+@media screen {
+ .artwork a.pilcrow {
+ display: block;
+ line-height: 0.7;
+ margin-top: 0.15em;
+ }
}
/* Make pilcrows on dd visible */
@media screen {
@@ -966,12 +966,84 @@ caption a[href] {
.alignRight {
margin: 1em 0 0 0;
}
-</style>
-<link href="rfc-local.css" type="text/css" rel="stylesheet">
+/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
+ possibly even requiring a new line */
+@media print {
+ a.pilcrow {
+ display: none;
+ }
+}
+/* Styling for the external metadata */
+div#external-metadata {
+ background-color: #eee;
+ padding: 0.5em;
+ margin-bottom: 0.5em;
+ display: none;
+}
+div#internal-metadata {
+ padding: 0.5em; /* to match the external-metadata padding */
+}
+/* Styling for title RFC Number */
+h1#rfcnum {
+ clear: both;
+ margin: 0 0 -1em;
+ padding: 1em 0 0 0;
+}
+/* Make .olPercent look the same as <ol><li> */
+dl.olPercent > dd {
+ margin: 0 0 0.25em 0;
+ min-height: initial;
+}
+/* Give aside some styling to set it apart */
+aside {
+ border-left: 1px solid #ddd;
+ margin: 1em 0 1em 2em;
+ padding: 0.2em 2em;
+}
+aside > dl,
+aside > ol,
+aside > ul,
+aside > table,
+aside > p {
+ margin-bottom: 0.5em;
+}
+/* Additional page break settings */
+@media print {
+ figcaption, table caption {
+ page-break-before: avoid;
+ }
+}
+/* Font size adjustments for print */
+@media print {
+ body { font-size: 10pt; line-height: normal; max-width: 96%; }
+ h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
+ h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
+ h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
+ h4 { font-size: 1em; padding-top: 1.5em; }
+ h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
+}
+/* Sourcecode margin in print, when there's no pilcrow */
+@media print {
+ .artwork,
+ .sourcecode {
+ margin-bottom: 1em;
+ }
+}
+/*
+ The margin-left: 0 on <dd> removes all distinction
+ between levels from nested <dl>s. Undo that.
+*/
+dl.olPercent > dd,
+dd {
+ margin-left: revert;
+}
+/* Avoid narrow tables forcing too narrow table captions, which may render badly */
+table {
+ min-width: 20em;
+}</style>
+<link href="rfc-local.css" rel="stylesheet" type="text/css">
</head>
<body>
-<script>
-async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(let t=0;t<e.length;t++)if(/#identifiers/.exec(e[t].selectorText)){const a=e[t].cssText.replace("#identifiers","#metadata");document.styleSheets[0].insertRule(a,document.styleSheets[0].cssRules.length)}}catch(e){console.log(e)}const e=document.getElementById("metadata");if(e){e.style.background="#eee";try{var t;t=document.URL.indexOf("html")>=0?document.URL.replace(/html$/,"json"):document.URL+".json";const o=await fetch(t),s=(await o.json())[0],r="",d="https://datatracker.ietf.org/doc",l="https://datatracker.ietf.org/ipr/search",c="https://www.rfc-editor.org/info",n=s.doc_id.toLowerCase(),i=s.doc_id.slice(0,3).toLowerCase(),f=s.doc_id.slice(3).replace(/^0+/,""),h={status:"Status",obsoletes:"Obsoletes",obsoleted_by:"Obsoleted By",updates:"Updates",updated_by:"Updated By",see_also:"See Also",errata_url:"Errata"};let u="<dl style='overflow:hidden'>";["status","obsoletes","obsoleted_by","updates","updated_by","see_also","errata_url"].forEach(e=>{if("status"==e){s[e]=s[e].toLowerCase();var t=s[e].split(" ");sLen=t.length;var o="",p=1;for(let e=0;e<sLen;e++)p<sLen?o=o+a(t[e])+" ":o+=a(t[e]),p++;s[e]=o}else if("obsoletes"==e||"obsoleted_by"==e||"updates"==e||"updated_by"==e){var b,g="",y=1;b=s[e].length;for(let t=0;t<b;t++)s[e][t]&&(s[e][t]=String(s[e][t]).toLowerCase(),g=y<b?g+"<a href='"+r+"/rfc/".concat(s[e][t])+"'>"+s[e][t].slice(3)+"</a>, ":g+"<a href='"+r+"/rfc/".concat(s[e][t])+"'>"+s[e][t].slice(3)+"</a>",y++);s[e]=g}else if("see_also"==e){var m,w="",L=1;m=s[e].length;for(let t=0;t<m;t++)if(s[e][t]){s[e][t]=String(s[e][t]);var _=s[e][t].slice(0,3),v=s[e][t].slice(3).replace(/^0+/,"");w=L<m?w+"<a href='"+r+"/"+_.toLowerCase()+"/".concat(v.toLowierCase())+"'>"+_+" "+v+"</a>, ":w+"<a href='"+r+"/"+_.toLowerCase()+"/".concat(v.toLowerCase())+"'>"+_+" "+v+"</a>",L++}s[e]=w}else if("errata_url"==e){var C="";C=s[e]?C+"<a href='"+s[e]+"'>Errata exist</a>, <a href='"+d+"/"+n+"'>Datatracker</a>, 
<a href='"+l+"/?"+i+"="+f+"&submit="+i+"'>IPR</a>, <a href='"+c+"/"+n+"'>Info page</a>":"<a href='"+d+"/"+n+"'>Datatracker</a>, <a href='"+l+"/?"+i+"="+f+"&submit="+i+"'>IPR</a>, <a href='"+c+"/"+n+"'>Info page</a>",s[e]=C}""!=s[e]?"Errata"==h[e]?u+=`<dt>More info:</dt><dd>${s[e]}</dd>`:u+=`<dt>${h[e]}:</dt><dd>${s[e]}</dd>`:"Errata"==h[e]&&(u+=`<dt>More info:</dt><dd>${s[e]}</dd>`)}),u+="</dl>",e.innerHTML=u}catch(e){console.log(e)}}else console.log("Could not locate metadata <div> element");function a(e){return e.charAt(0).toUpperCase()+e.slice(1)}}window.addEventListener("load",addMetadata);</script>
<script src="metadata.min.js"></script>
<table class="ears">
<thead><tr>
@@ -985,7 +1057,8 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<td class="right">[Page]</td>
</tr></tfoot>
</table>
-<div class="document-information">
+<div id="external-metadata" class="document-information"></div>
+<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-workgroup">Workgroup:</dt>
<dd class="workgroup">Independent Stream</dd>
@@ -1016,9 +1089,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
</dd>
</dl>
</div>
-<h1 id="title">
- The GNU Name System Specification
- </h1>
+<h1 id="title">The GNU Name System Specification</h1>
<section id="section-abstract">
<h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">This document contains the GNU Name System (GNS) technical specification.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
@@ -1066,117 +1137,117 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
</section>
</div>
<div id="toc">
-<section id="section-boilerplate.3">
+<section id="section-toc.1">
<a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
</h2>
<nav class="toc"><ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.1">
- <p id="section-boilerplate.3-1.1.1"><a href="#section-1" class="xref">1</a>. <a href="#name-introduction" class="xref">Introduction</a><a href="#section-boilerplate.3-1.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.1">
+ <p id="section-toc.1-1.1.1"><a href="#section-1" class="xref">1</a>. <a href="#name-introduction" class="xref">Introduction</a><a href="#section-toc.1-1.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.2">
- <p id="section-boilerplate.3-1.2.1"><a href="#section-2" class="xref">2</a>. <a href="#name-zones" class="xref">Zones</a><a href="#section-boilerplate.3-1.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.2">
+ <p id="section-toc.1-1.2.1"><a href="#section-2" class="xref">2</a>. <a href="#name-zones" class="xref">Zones</a><a href="#section-toc.1-1.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3">
- <p id="section-boilerplate.3-1.3.1"><a href="#section-3" class="xref">3</a>. <a href="#name-resource-records" class="xref">Resource Records</a><a href="#section-boilerplate.3-1.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3">
+ <p id="section-toc.1-1.3.1"><a href="#section-3" class="xref">3</a>. <a href="#name-resource-records" class="xref">Resource Records</a><a href="#section-toc.1-1.3.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.1">
- <p id="section-boilerplate.3-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>. <a href="#name-record-types" class="xref">Record Types</a><a href="#section-boilerplate.3-1.3.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.1">
+ <p id="section-toc.1-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>. <a href="#name-record-types" class="xref">Record Types</a><a href="#section-toc.1-1.3.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.2">
- <p id="section-boilerplate.3-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>. <a href="#name-pkey" class="xref">PKEY</a><a href="#section-boilerplate.3-1.3.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.2">
+ <p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>. <a href="#name-pkey" class="xref">PKEY</a><a href="#section-toc.1-1.3.2.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.3">
- <p id="section-boilerplate.3-1.3.2.3.1"><a href="#section-3.3" class="xref">3.3</a>. <a href="#name-gns2dns" class="xref">GNS2DNS</a><a href="#section-boilerplate.3-1.3.2.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.3">
+ <p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="xref">3.3</a>. <a href="#name-gns2dns" class="xref">GNS2DNS</a><a href="#section-toc.1-1.3.2.3.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.4">
- <p id="section-boilerplate.3-1.3.2.4.1"><a href="#section-3.4" class="xref">3.4</a>. <a href="#name-leho" class="xref">LEHO</a><a href="#section-boilerplate.3-1.3.2.4.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.4">
+ <p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="xref">3.4</a>. <a href="#name-leho" class="xref">LEHO</a><a href="#section-toc.1-1.3.2.4.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.5">
- <p id="section-boilerplate.3-1.3.2.5.1"><a href="#section-3.5" class="xref">3.5</a>. <a href="#name-nick" class="xref">NICK</a><a href="#section-boilerplate.3-1.3.2.5.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.5">
+ <p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5" class="xref">3.5</a>. <a href="#name-nick" class="xref">NICK</a><a href="#section-toc.1-1.3.2.5.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.6">
- <p id="section-boilerplate.3-1.3.2.6.1"><a href="#section-3.6" class="xref">3.6</a>. <a href="#name-box" class="xref">BOX</a><a href="#section-boilerplate.3-1.3.2.6.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.6">
+ <p id="section-toc.1-1.3.2.6.1"><a href="#section-3.6" class="xref">3.6</a>. <a href="#name-box" class="xref">BOX</a><a href="#section-toc.1-1.3.2.6.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.7">
- <p id="section-boilerplate.3-1.3.2.7.1"><a href="#section-3.7" class="xref">3.7</a>. <a href="#name-vpn" class="xref">VPN</a><a href="#section-boilerplate.3-1.3.2.7.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.7">
+ <p id="section-toc.1-1.3.2.7.1"><a href="#section-3.7" class="xref">3.7</a>. <a href="#name-vpn" class="xref">VPN</a><a href="#section-toc.1-1.3.2.7.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4">
- <p id="section-boilerplate.3-1.4.1"><a href="#section-4" class="xref">4</a>. <a href="#name-publishing-records" class="xref">Publishing Records</a><a href="#section-boilerplate.3-1.4.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4">
+ <p id="section-toc.1-1.4.1"><a href="#section-4" class="xref">4</a>. <a href="#name-publishing-records" class="xref">Publishing Records</a><a href="#section-toc.1-1.4.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1">
- <p id="section-boilerplate.3-1.4.2.1.1"><a href="#section-4.1" class="xref">4.1</a>. <a href="#name-key-derivations" class="xref">Key Derivations</a><a href="#section-boilerplate.3-1.4.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.1">
+ <p id="section-toc.1-1.4.2.1.1"><a href="#section-4.1" class="xref">4.1</a>. <a href="#name-key-derivations" class="xref">Key Derivations</a><a href="#section-toc.1-1.4.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.2">
- <p id="section-boilerplate.3-1.4.2.2.1"><a href="#section-4.2" class="xref">4.2</a>. <a href="#name-resource-records-block" class="xref">Resource Records Block</a><a href="#section-boilerplate.3-1.4.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.2">
+ <p id="section-toc.1-1.4.2.2.1"><a href="#section-4.2" class="xref">4.2</a>. <a href="#name-resource-records-block" class="xref">Resource Records Block</a><a href="#section-toc.1-1.4.2.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.3">
- <p id="section-boilerplate.3-1.4.2.3.1"><a href="#section-4.3" class="xref">4.3</a>. <a href="#name-record-data-encryption-and-" class="xref">Record Data Encryption and Decryption</a><a href="#section-boilerplate.3-1.4.2.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.3">
+ <p id="section-toc.1-1.4.2.3.1"><a href="#section-4.3" class="xref">4.3</a>. <a href="#name-record-data-encryption-and-" class="xref">Record Data Encryption and Decryption</a><a href="#section-toc.1-1.4.2.3.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.5">
- <p id="section-boilerplate.3-1.5.1"><a href="#section-5" class="xref">5</a>. <a href="#name-internationalization-and-ch" class="xref">Internationalization and Character Encoding</a><a href="#section-boilerplate.3-1.5.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.5">
+ <p id="section-toc.1-1.5.1"><a href="#section-5" class="xref">5</a>. <a href="#name-internationalization-and-ch" class="xref">Internationalization and Character Encoding</a><a href="#section-toc.1-1.5.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6">
- <p id="section-boilerplate.3-1.6.1"><a href="#section-6" class="xref">6</a>. <a href="#name-name-resolution" class="xref">Name Resolution</a><a href="#section-boilerplate.3-1.6.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6">
+ <p id="section-toc.1-1.6.1"><a href="#section-6" class="xref">6</a>. <a href="#name-name-resolution" class="xref">Name Resolution</a><a href="#section-toc.1-1.6.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.1">
- <p id="section-boilerplate.3-1.6.2.1.1"><a href="#section-6.1" class="xref">6.1</a>. <a href="#name-recursion" class="xref">Recursion</a><a href="#section-boilerplate.3-1.6.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.1">
+ <p id="section-toc.1-1.6.2.1.1"><a href="#section-6.1" class="xref">6.1</a>. <a href="#name-recursion" class="xref">Recursion</a><a href="#section-toc.1-1.6.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2">
- <p id="section-boilerplate.3-1.6.2.2.1"><a href="#section-6.2" class="xref">6.2</a>. <a href="#name-record-processing" class="xref">Record Processing</a><a href="#section-boilerplate.3-1.6.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2">
+ <p id="section-toc.1-1.6.2.2.1"><a href="#section-6.2" class="xref">6.2</a>. <a href="#name-record-processing" class="xref">Record Processing</a><a href="#section-toc.1-1.6.2.2.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.1">
- <p id="section-boilerplate.3-1.6.2.2.2.1.1"><a href="#section-6.2.1" class="xref">6.2.1</a>. <a href="#name-pkey-2" class="xref">PKEY</a><a href="#section-boilerplate.3-1.6.2.2.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.1">
+ <p id="section-toc.1-1.6.2.2.2.1.1"><a href="#section-6.2.1" class="xref">6.2.1</a>. <a href="#name-pkey-2" class="xref">PKEY</a><a href="#section-toc.1-1.6.2.2.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.2">
- <p id="section-boilerplate.3-1.6.2.2.2.2.1"><a href="#section-6.2.2" class="xref">6.2.2</a>. <a href="#name-gns2dns-2" class="xref">GNS2DNS</a><a href="#section-boilerplate.3-1.6.2.2.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.2">
+ <p id="section-toc.1-1.6.2.2.2.2.1"><a href="#section-6.2.2" class="xref">6.2.2</a>. <a href="#name-gns2dns-2" class="xref">GNS2DNS</a><a href="#section-toc.1-1.6.2.2.2.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.3">
- <p id="section-boilerplate.3-1.6.2.2.2.3.1"><a href="#section-6.2.3" class="xref">6.2.3</a>. <a href="#name-cname" class="xref">CNAME</a><a href="#section-boilerplate.3-1.6.2.2.2.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.3">
+ <p id="section-toc.1-1.6.2.2.2.3.1"><a href="#section-6.2.3" class="xref">6.2.3</a>. <a href="#name-cname" class="xref">CNAME</a><a href="#section-toc.1-1.6.2.2.2.3.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.4">
- <p id="section-boilerplate.3-1.6.2.2.2.4.1"><a href="#section-6.2.4" class="xref">6.2.4</a>. <a href="#name-box-2" class="xref">BOX</a><a href="#section-boilerplate.3-1.6.2.2.2.4.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.4">
+ <p id="section-toc.1-1.6.2.2.2.4.1"><a href="#section-6.2.4" class="xref">6.2.4</a>. <a href="#name-box-2" class="xref">BOX</a><a href="#section-toc.1-1.6.2.2.2.4.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.5">
- <p id="section-boilerplate.3-1.6.2.2.2.5.1"><a href="#section-6.2.5" class="xref">6.2.5</a>. <a href="#name-vpn-2" class="xref">VPN</a><a href="#section-boilerplate.3-1.6.2.2.2.5.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.5">
+ <p id="section-toc.1-1.6.2.2.2.5.1"><a href="#section-6.2.5" class="xref">6.2.5</a>. <a href="#name-vpn-2" class="xref">VPN</a><a href="#section-toc.1-1.6.2.2.2.5.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.7">
- <p id="section-boilerplate.3-1.7.1"><a href="#section-7" class="xref">7</a>. <a href="#name-zone-revocation" class="xref">Zone Revocation</a><a href="#section-boilerplate.3-1.7.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.7">
+ <p id="section-toc.1-1.7.1"><a href="#section-7" class="xref">7</a>. <a href="#name-zone-revocation" class="xref">Zone Revocation</a><a href="#section-toc.1-1.7.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.8">
- <p id="section-boilerplate.3-1.8.1"><a href="#section-8" class="xref">8</a>. <a href="#name-determining-the-root-zone-a" class="xref">Determining the Root Zone and Zone Governance</a><a href="#section-boilerplate.3-1.8.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.8">
+ <p id="section-toc.1-1.8.1"><a href="#section-8" class="xref">8</a>. <a href="#name-determining-the-root-zone-a" class="xref">Determining the Root Zone and Zone Governance</a><a href="#section-toc.1-1.8.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.9">
- <p id="section-boilerplate.3-1.9.1"><a href="#section-9" class="xref">9</a>. <a href="#name-security-considerations" class="xref">Security Considerations</a><a href="#section-boilerplate.3-1.9.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.9">
+ <p id="section-toc.1-1.9.1"><a href="#section-9" class="xref">9</a>. <a href="#name-security-considerations" class="xref">Security Considerations</a><a href="#section-toc.1-1.9.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.10">
- <p id="section-boilerplate.3-1.10.1"><a href="#section-10" class="xref">10</a>. <a href="#name-iana-considerations" class="xref">IANA Considerations</a><a href="#section-boilerplate.3-1.10.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.10">
+ <p id="section-toc.1-1.10.1"><a href="#section-10" class="xref">10</a>. <a href="#name-iana-considerations" class="xref">IANA Considerations</a><a href="#section-toc.1-1.10.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.11">
- <p id="section-boilerplate.3-1.11.1"><a href="#section-11" class="xref">11</a>. <a href="#name-test-vectors" class="xref">Test Vectors</a><a href="#section-boilerplate.3-1.11.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.11">
+ <p id="section-toc.1-1.11.1"><a href="#section-11" class="xref">11</a>. <a href="#name-test-vectors" class="xref">Test Vectors</a><a href="#section-toc.1-1.11.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.12">
- <p id="section-boilerplate.3-1.12.1"><a href="#section-12" class="xref">12</a>. <a href="#name-normative-references" class="xref">Normative References</a><a href="#section-boilerplate.3-1.12.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.12">
+ <p id="section-toc.1-1.12.1"><a href="#section-12" class="xref">12</a>. <a href="#name-normative-references" class="xref">Normative References</a><a href="#section-toc.1-1.12.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.13">
- <p id="section-boilerplate.3-1.13.1"><a href="#section-appendix.a" class="xref"></a> <a href="#name-authors-addresses" class="xref">Authors' Addresses</a><a href="#section-boilerplate.3-1.13.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.13">
+ <p id="section-toc.1-1.13.1"><a href="#section-appendix.a" class="xref"></a><a href="#name-authors-addresses" class="xref">Authors' Addresses</a><a href="#section-toc.1-1.13.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</nav>
</section>
</div>
<div id="introduction">
<section id="section-1">
<h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
+<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
</h2>
<p id="section-1-1">
The Domain Name System (DNS) is a unique distributed database and a vital
@@ -1224,7 +1295,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="zones">
<section id="section-2">
<h2 id="name-zones">
-<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-zones" class="section-name selfRef">Zones</a>
+<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-zones" class="section-name selfRef">Zones</a>
</h2>
<p id="section-2-1">
A zone in GNS is defined by a public/private ECDSA key pair (d,zk),
@@ -1236,40 +1307,40 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
cryptographic primitives:<a href="#section-2-1" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-2-2">
<dt id="section-2-2.1">d</dt>
- <dd id="section-2-2.2">
+<dd id="section-2-2.2">
is a 256-bit ECDSA private key.
In GNS, records are signed using a key derived from "d" as described in
<a href="#publish" class="xref">Section 4</a>.<a href="#section-2-2.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.3">p</dt>
- <dd id="section-2-2.4">
+<dt id="section-2-2.3">p</dt>
+<dd id="section-2-2.4">
is the prime of edwards25519 as defined in <span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span>, i.e.
2^255 - 19.<a href="#section-2-2.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.5">B</dt>
- <dd id="section-2-2.6">
+<dt id="section-2-2.5">B</dt>
+<dd id="section-2-2.6">
is the group generator (X(P),Y(P)) of edwards25519 as defined in
<span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span>.<a href="#section-2-2.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.7">L</dt>
- <dd id="section-2-2.8">
+<dt id="section-2-2.7">L</dt>
+<dd id="section-2-2.8">
is the prime-order subgroup of edwards25519 in <span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span>.<a href="#section-2-2.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.9">zk</dt>
- <dd id="section-2-2.10">
+<dt id="section-2-2.9">zk</dt>
+<dd id="section-2-2.10">
is the ECDSA public key corresponding to d. It is defined in
<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span> as the curve point d*B where B is the group
generator of the elliptic curve.
The public key is used to uniquely identify a GNS zone and is referred to
as the "zone key".<a href="#section-2-2.10" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="rrecords">
<section id="section-3">
<h2 id="name-resource-records">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-resource-records" class="section-name selfRef">Resource Records</a>
+<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-resource-records" class="section-name selfRef">Resource Records</a>
</h2>
<p id="section-3-1">
A GNS implementor MUST provide a mechanism to create and manage resource
@@ -1302,18 +1373,18 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<p id="section-3-4">where:<a href="#section-3-4" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3-5">
<dt id="section-3-5.1">EXPIRATION</dt>
- <dd id="section-3-5.2">
+<dd id="section-3-5.2">
denotes the absolute 64-bit expiration date of the record.
In microseconds since midnight (0 hour), January 1, 1970 in network
byte order.<a href="#section-3-5.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.3">DATA SIZE</dt>
- <dd id="section-3-5.4">
+<dt id="section-3-5.3">DATA SIZE</dt>
+<dd id="section-3-5.4">
denotes the 32-bit size of the DATA field in bytes and in network byte
order.<a href="#section-3-5.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.5">TYPE</dt>
- <dd id="section-3-5.6">
+<dt id="section-3-5.5">TYPE</dt>
+<dd id="section-3-5.6">
is the 32-bit resource record type. This type can be one of the GNS resource
records as defined in <a href="#rrecords" class="xref">Section 3</a> or a DNS record
type as defined in <span>[<a href="#RFC1035" class="xref">RFC1035</a>]</span> or any of the
@@ -1321,17 +1392,17 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
stored in network byte order. Note that values
below 2^16 are reserved for allocation via IANA (<span>[<a href="#RFC6895" class="xref">RFC6895</a>]</span>).<a href="#section-3-5.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.7">FLAGS</dt>
- <dd id="section-3-5.8">
+<dt id="section-3-5.7">FLAGS</dt>
+<dd id="section-3-5.8">
is a 32-bit resource record flags field (see below).<a href="#section-3-5.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.9">DATA</dt>
- <dd id="section-3-5.10">
+<dt id="section-3-5.9">DATA</dt>
+<dd id="section-3-5.10">
the variable-length resource record data payload. The contents are defined
by the
respective type of the resource record.<a href="#section-3-5.10" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-3-6">
Flags indicate metadata surrounding the resource record. A flag
value of 0 indicates that all flags are unset. The following
@@ -1343,7 +1414,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<pre>
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
</pre>
</div>
@@ -1353,33 +1424,43 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3-8" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3-9">
<dt id="section-3-9.1">SHADOW</dt>
- <dd id="section-3-9.2">
+<dd id="section-3-9.2">
If this flag is set, this record should be ignored by resolvers unless all (other)
records of the same record type have expired. Used to allow zone publishers to
facilitate good performance when records change by allowing them to put future
values of records into the DHT. This way, future values can propagate and may be
cached before the transition becomes active.<a href="#section-3-9.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-9.3">EXPREL</dt>
- <dd id="section-3-9.4">
+<dt id="section-3-9.3">EXPREL</dt>
+<dd id="section-3-9.4">
The expiration time value of the record is a relative time (still in microseconds)
and not an absolute time. This flag should never be encountered by a resolver
for records obtained from the DHT, but might be present when a resolver looks up
private records of a zone hosted locally.<a href="#section-3-9.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-9.5">PRIVATE</dt>
- <dd id="section-3-9.6">
+<dt id="section-3-9.5">
+ SUPPL
+ </dt>
+<dd id="section-3-9.6">
+ This is supplemental record. It is provided in addition to the
+ other records. This flag indicates that this record is not explicitly
+ managed alongside the other records under the respective name but
+ may be useful for the application. This flag should only be encountered
+ by a resolver for records obtained from the DHT.<a href="#section-3-9.6" class="pilcrow">¶</a>
+</dd>
+<dt id="section-3-9.7">PRIVATE</dt>
+<dd id="section-3-9.8">
This is a private record of this peer and it should thus not be
published in the DHT. Thus, this flag should never be encountered by
a resolver for records obtained from the DHT.
Private records should still be considered just like
- regular records when resolving labels in local zones.<a href="#section-3-9.6" class="pilcrow">¶</a>
+ regular records when resolving labels in local zones.<a href="#section-3-9.8" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<div id="gnsrecords_numbers">
<section id="section-3.1">
<h3 id="name-record-types">
-<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-record-types" class="section-name selfRef">Record Types</a>
+<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-record-types" class="section-name selfRef">Record Types</a>
</h3>
<p id="section-3.1-1">
GNS-specific record type numbers start at 2^16, i.e. after the record
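Review bot: The new SUPPL definition never says how a resolver is to treat a supplemental record during resolution, and that matters because the flag is set by the publisher and the record is otherwise indistinguishable from a managed record of the same TYPE — a supplemental PKEY or GNS2DNS acted on as a delegation would redirect resolution on data the text itself calls "not explicitly managed alongside the other records". I would add a normative sentence such as `Resolvers MUST NOT use supplemental records for delegation or other resolution decisions; they are only passed on to the application.`, and also state whether supplemental records count as "other records of the same record type" for the SHADOW rule defined just above, since otherwise a supplemental record could keep a shadow record suppressed. Two smaller points: the flag's numeric value is not given in prose (the diagram above places it at bit position 2, presumably value 4, but implementors need this stated), and the first sentence should read `This is a supplemental record.`. The enclosing Section 3 starts before this hunk.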
@@ -1408,7 +1489,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="gnsrecords_pkey">
<section id="section-3.2">
<h3 id="name-pkey">
-<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-pkey" class="section-name selfRef">PKEY</a>
+<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-pkey" class="section-name selfRef">PKEY</a>
</h3>
<p id="section-3.2-1">In GNS, a delegation of a label to a zone is represented through a PKEY
record. A PKEY resource record contains the public key of the zone to
@@ -1433,16 +1514,16 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.2-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.2-4">
<dt id="section-3.2-4.1">PUBLIC KEY</dt>
- <dd id="section-3.2-4.2">
+<dd id="section-3.2-4.2">
A 256-bit ECDSA zone key.<a href="#section-3.2-4.2" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_gns2dns">
<section id="section-3.3">
<h3 id="name-gns2dns">
-<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-gns2dns" class="section-name selfRef">GNS2DNS</a>
+<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-gns2dns" class="section-name selfRef">GNS2DNS</a>
</h3>
<p id="section-3.3-1">It is possible to delegate a label back into DNS through a GNS2DNS record.
The resource record contains a DNS name for the resolver to continue with
@@ -1473,23 +1554,23 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.3-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.3-4">
<dt id="section-3.3-4.1">DNS NAME</dt>
- <dd id="section-3.3-4.2">
+<dd id="section-3.3-4.2">
The name to continue with in DNS (0-terminated).<a href="#section-3.3-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.3-4.3">DNS SERVER NAME</dt>
- <dd id="section-3.3-4.4">
+<dt id="section-3.3-4.3">DNS SERVER NAME</dt>
+<dd id="section-3.3-4.4">
The DNS server to use. May be an IPv4/IPv6 address in dotted decimal
form or a DNS name. It may also be a relative GNS name ending with a
"+" top-level domain. The value is UTF-8 encoded (also for DNS names)
and 0-terminated.<a href="#section-3.3-4.4" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_leho">
<section id="section-3.4">
<h3 id="name-leho">
-<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-leho" class="section-name selfRef">LEHO</a>
+<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-leho" class="section-name selfRef">LEHO</a>
</h3>
<p id="section-3.4-1">Legacy hostname records can be used by applications that are expected
to supply a DNS name on the application layer. The most common use case
@@ -1518,10 +1599,10 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.4-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.4-4">
<dt id="section-3.4-4.1">LEGACY HOSTNAME</dt>
- <dd id="section-3.4-4.2">
+<dd id="section-3.4-4.2">
A UTF-8 string (which is not 0-terminated) representing the legacy hostname.<a href="#section-3.4-4.2" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-3.4-5">
NOTE: If an application uses a LEHO value in an HTTP request header
(e.g. "Host:" header) it must be converted to a punycode representation
@@ -1531,15 +1612,16 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="gnsrecords_nick">
<section id="section-3.5">
<h3 id="name-nick">
-<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-nick" class="section-name selfRef">NICK</a>
+<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-nick" class="section-name selfRef">NICK</a>
</h3>
-<p id="section-3.5-1">Nickname records can be used by zone administrators to publish an
+<p id="section-3.5-1">
+ Nickname records can be used by zone administrators to publish an
indication on what label this zone prefers to be referred to.
This is a suggestion to other zones what label to use when creating a
PKEY <a href="#gnsrecords_pkey" class="xref">Section 3.2</a> record containing this zone's
public zone key.
- This record SHOULD only be stored under the empty label "@" but
- MAY be returned with record sets under any label.
+ This record SHOULD only be stored under the empty label "@" but MAY be
+ returned with record sets under any label as a supplemental record.
A NICK DATA entry has the following format:<a href="#section-3.5-1" class="pilcrow">¶</a></p>
<div id="figure_nickrecord">
<figure id="figure-7">
@@ -1560,17 +1642,17 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.5-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.5-4">
<dt id="section-3.5-4.1">NICKNAME</dt>
- <dd id="section-3.5-4.2">
+<dd id="section-3.5-4.2">
A UTF-8 string (which is not 0-terminated) representing the preferred
label of the zone. This string MUST NOT include a "." character.<a href="#section-3.5-4.2" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_box">
<section id="section-3.6">
<h3 id="name-box">
-<a href="#section-3.6" class="section-number selfRef">3.6. </a><a href="#name-box" class="section-name selfRef">BOX</a>
+<a href="#section-3.6" class="section-number selfRef">3.6. </a><a href="#name-box" class="section-name selfRef">BOX</a>
</h3>
<p id="section-3.6-1">
In GNS, every "." in a name delegates to another zone, and
@@ -1606,30 +1688,30 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.6-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.6-4">
<dt id="section-3.6-4.1">PROTO</dt>
- <dd id="section-3.6-4.2">
+<dd id="section-3.6-4.2">
the 16-bit protocol number, e.g. 6 for tcp. In network byte order.<a href="#section-3.6-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.3">SVC</dt>
- <dd id="section-3.6-4.4">
+<dt id="section-3.6-4.3">SVC</dt>
+<dd id="section-3.6-4.4">
the 16-bit service value of the boxed record, i.e. the port number.
In network byte order.<a href="#section-3.6-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.5">TYPE</dt>
- <dd id="section-3.6-4.6">
+<dt id="section-3.6-4.5">TYPE</dt>
+<dd id="section-3.6-4.6">
is the 32-bit record type of the boxed record. In network byte order.<a href="#section-3.6-4.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.7">RECORD DATA</dt>
- <dd id="section-3.6-4.8">
+<dt id="section-3.6-4.7">RECORD DATA</dt>
+<dd id="section-3.6-4.8">
is a variable length field containing the "DATA" format of TYPE as
defined for the respective TYPE in DNS.<a href="#section-3.6-4.8" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_vpn">
<section id="section-3.7">
<h3 id="name-vpn">
-<a href="#section-3.7" class="section-number selfRef">3.7. </a><a href="#name-vpn" class="section-name selfRef">VPN</a>
+<a href="#section-3.7" class="section-number selfRef">3.7. </a><a href="#name-vpn" class="section-name selfRef">VPN</a>
</h3>
<p id="section-3.7-1">
A VPN DATA entry has the following format:<a href="#section-3.7-1" class="pilcrow">¶</a></p>
@@ -1658,21 +1740,21 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.7-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.7-4">
<dt id="section-3.7-4.1">HOSTING PEER PUBLIC KEY</dt>
- <dd id="section-3.7-4.2">
+<dd id="section-3.7-4.2">
is a 256-bit EdDSA public key identifying the peer hosting the
service.<a href="#section-3.7-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.7-4.3">PROTO</dt>
- <dd id="section-3.7-4.4">
+<dt id="section-3.7-4.3">PROTO</dt>
+<dd id="section-3.7-4.4">
the 16-bit protocol number, e.g. 6 for TCP. In network byte order.<a href="#section-3.7-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.7-4.5">SERVICE NAME</dt>
- <dd id="section-3.7-4.6">
+<dt id="section-3.7-4.5">SERVICE NAME</dt>
+<dd id="section-3.7-4.6">
a shared secret used to identify the service at the hosting peer,
used to derive the port number requird to connect to the service.
The service name MUST be a 0-terminated UTF-8 string.<a href="#section-3.7-4.6" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
</section>
@@ -1680,7 +1762,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="publish">
<section id="section-4">
<h2 id="name-publishing-records">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-publishing-records" class="section-name selfRef">Publishing Records</a>
+<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-publishing-records" class="section-name selfRef">Publishing Records</a>
</h2>
<p id="section-4-1">
GNS resource records are published in a distributed hash table (DHT).
@@ -1693,7 +1775,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="blinding">
<section id="section-4.1">
<h3 id="name-key-derivations">
-<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-key-derivations" class="section-name selfRef">Key Derivations</a>
+<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-key-derivations" class="section-name selfRef">Key Derivations</a>
</h3>
<p id="section-4.1-1">
Given a label, the DHT key "q" is derived as follows:<a href="#section-4.1-1" class="pilcrow">¶</a></p>
@@ -1712,46 +1794,46 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
phase and HMAC-SHA256 for the expansion phase.<a href="#section-4.1-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.1-4">
<dt id="section-4.1-4.1">PRK_h</dt>
- <dd id="section-4.1-4.2">
+<dd id="section-4.1-4.2">
is key material retrieved using an HKDF using the string
"key-derivation" as salt and the public zone key "zk" as initial
keying material.<a href="#section-4.1-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.3">h</dt>
- <dd id="section-4.1-4.4">
+<dt id="section-4.1-4.3">h</dt>
+<dd id="section-4.1-4.4">
is the 512-bit HKDF expansion result. The expansion info input is a
concatenation of the label and string "gns".<a href="#section-4.1-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.5">d</dt>
- <dd id="section-4.1-4.6">
+<dt id="section-4.1-4.5">d</dt>
+<dd id="section-4.1-4.6">
is the 256-bit private zone key as defined in <a href="#zones" class="xref">Section 2</a>.<a href="#section-4.1-4.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.7">label</dt>
- <dd id="section-4.1-4.8">
+<dt id="section-4.1-4.7">label</dt>
+<dd id="section-4.1-4.8">
is a UTF-8 string under which the resource records are published.<a href="#section-4.1-4.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.9">d_h</dt>
- <dd id="section-4.1-4.10">
+<dt id="section-4.1-4.9">d_h</dt>
+<dd id="section-4.1-4.10">
is a 256-bit private key derived from the "d" using the
keying material "h".<a href="#section-4.1-4.10" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.11">zk_h</dt>
- <dd id="section-4.1-4.12">
+<dt id="section-4.1-4.11">zk_h</dt>
+<dd id="section-4.1-4.12">
is a 256-bit public key derived from the zone key "zk" using the
keying material "h".<a href="#section-4.1-4.12" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.13">L</dt>
- <dd id="section-4.1-4.14">
+<dt id="section-4.1-4.13">L</dt>
+<dd id="section-4.1-4.14">
is the prime-order subgroup as defined in <a href="#zones" class="xref">Section 2</a>.<a href="#section-4.1-4.14" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.15">q</dt>
- <dd id="section-4.1-4.16">
+<dt id="section-4.1-4.15">q</dt>
+<dd id="section-4.1-4.16">
Is the 512-bit DHT key under which the resource records block is
published.
It is the SHA512 hash over the public key "zk_h" corresponding to the
derived private key "d_h".<a href="#section-4.1-4.16" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-4.1-5">
We point out that the multiplication of "zk" with "h" is a point multiplication,
while the multiplication of "d" with "h" is a scalar multiplication.<a href="#section-4.1-5" class="pilcrow">¶</a></p>
@@ -1760,11 +1842,13 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="wire">
<section id="section-4.2">
<h3 id="name-resource-records-block">
-<a href="#section-4.2" class="section-number selfRef">4.2. </a><a href="#name-resource-records-block" class="section-name selfRef">Resource Records Block</a>
+<a href="#section-4.2" class="section-number selfRef">4.2. </a><a href="#name-resource-records-block" class="section-name selfRef">Resource Records Block</a>
</h3>
<p id="section-4.2-1">
GNS records are grouped by their labels and published as a single
- block in the DHT.
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See <a href="#rrecords" class="xref">Section 3</a>).
The contained resource records are encrypted using a symmetric
encryption scheme.
A GNS implementation must publish RRBLOCKs
@@ -1806,21 +1890,21 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<p id="section-4.2-3">where:<a href="#section-4.2-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.2-4">
<dt id="section-4.2-4.1">SIGNATURE</dt>
- <dd id="section-4.2-4.2">
+<dd id="section-4.2-4.2">
A 512-bit ECDSA deterministic signature compliant with
<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The signature is computed over the data
following the PUBLIC KEY field.
The signature is created using the derived private key "d_h" (see
<a href="#publish" class="xref">Section 4</a>).<a href="#section-4.2-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.3">PUBLIC KEY</dt>
- <dd id="section-4.2-4.4">
+<dt id="section-4.2-4.3">PUBLIC KEY</dt>
+<dd id="section-4.2-4.4">
is the 256-bit public key "zk_h" to be used to verify SIGNATURE. The
wire format of this value is defined in <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>,
Section 5.1.5.<a href="#section-4.2-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.5">SIZE</dt>
- <dd id="section-4.2-4.6">
+<dt id="section-4.2-4.5">SIZE</dt>
+<dd id="section-4.2-4.6">
A 32-bit value containing the length of the signed data following the
PUBLIC KEY field in network byte order. This value always includes the
length of the fields SIZE (4), PURPOSE (4) and EXPIRATION (8) in
@@ -1829,13 +1913,13 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
size significantly below 4 GB. However, a minimum block size of
62 kilobytes MUST be supported.<a href="#section-4.2-4.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.7">PURPOSE</dt>
- <dd id="section-4.2-4.8">
+<dt id="section-4.2-4.7">PURPOSE</dt>
+<dd id="section-4.2-4.8">
A 32-bit signature purpose flag. This field MUST be 15 (in network
byte order).<a href="#section-4.2-4.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.9">EXPIRATION</dt>
- <dd id="section-4.2-4.10">
+<dt id="section-4.2-4.9">EXPIRATION</dt>
+<dd id="section-4.2-4.10">
Specifies when the RRBLOCK expires and the encrypted block
SHOULD be removed from the DHT and caches as it is likely stale.
However, applications MAY continue to use non-expired individual
@@ -1848,17 +1932,17 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
This is a 64-bit absolute date in microseconds since midnight
(0 hour), January 1, 1970 in network byte order.<a href="#section-4.2-4.10" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.11">BDATA</dt>
- <dd id="section-4.2-4.12">
+<dt id="section-4.2-4.11">BDATA</dt>
+<dd id="section-4.2-4.12">
The encrypted resource records with a total size of SIZE - 16.<a href="#section-4.2-4.12" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="recordencryption">
<section id="section-4.3">
<h3 id="name-record-data-encryption-and-">
-<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-record-data-encryption-and-" class="section-name selfRef">Record Data Encryption and Decryption</a>
+<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-record-data-encryption-and-" class="section-name selfRef">Record Data Encryption and Decryption</a>
</h3>
<p id="section-4.3-1">
A symmetric encryption scheme is used to encrypt the resource records
@@ -1898,20 +1982,20 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<p id="section-4.3-3">where:<a href="#section-4.3-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.3-4">
<dt id="section-4.3-4.1">RR COUNT</dt>
- <dd id="section-4.3-4.2">
+<dd id="section-4.3-4.2">
A 32-bit value containing the number of variable-length resource
records which are
following after this field in network byte order.<a href="#section-4.3-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.3-4.3">EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA</dt>
- <dd id="section-4.3-4.4">
+<dt id="section-4.3-4.3">EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA</dt>
+<dd id="section-4.3-4.4">
These fields were defined
in the resource record format in <a href="#rrecords" class="xref">Section 3</a>.
There MUST be a total of RR COUNT of these resource records
present.<a href="#section-4.3-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.3-4.5">PADDING</dt>
- <dd id="section-4.3-4.6">
+<dt id="section-4.3-4.5">PADDING</dt>
+<dd id="section-4.3-4.6">
The padding MUST contain the value 0 in all octets.
The padding MUST ensure that the size of the RDATA WITHOUT the RR
COUNT field is a power of two.
@@ -1919,7 +2003,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
are never padded. Note that a record set with a PKEY record MUST NOT
contain other records.<a href="#section-4.3-4.6" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-4.3-5">
The symmetric keys and initialization vectors are derived from the
record label and the zone key "zk". For decryption of the resource
@@ -1998,7 +2082,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="encoding">
<section id="section-5">
<h2 id="name-internationalization-and-ch">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-internationalization-and-ch" class="section-name selfRef">Internationalization and Character Encoding</a>
+<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-internationalization-and-ch" class="section-name selfRef">Internationalization and Character Encoding</a>
</h2>
<p id="section-5-1">
All labels in GNS are encoded in UTF-8 <span>[<a href="#RFC3629" class="xref">RFC3629</a>]</span>.
@@ -2010,7 +2094,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="resolution">
<section id="section-6">
<h2 id="name-name-resolution">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-name-resolution" class="section-name selfRef">Name Resolution</a>
+<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-name-resolution" class="section-name selfRef">Name Resolution</a>
</h2>
<p id="section-6-1">
Names in GNS are resolved by recursively querying the DHT record storage.
@@ -2034,7 +2118,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="recursion">
<section id="section-6.1">
<h3 id="name-recursion">
-<a href="#section-6.1" class="section-number selfRef">6.1. </a><a href="#name-recursion" class="section-name selfRef">Recursion</a>
+<a href="#section-6.1" class="section-number selfRef">6.1. </a><a href="#name-recursion" class="section-name selfRef">Recursion</a>
</h3>
<p id="section-6.1-1">
In each step of the recursive name resolution, there is an
@@ -2046,15 +2130,15 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<ol start="1" type="1" class="normal" id="section-6.1-3">
<li id="section-6.1-3.1">Extract the right-most label from the name to look up.<a href="#section-6.1-3.1" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.2">Calculate q using the label and zk as defined in
+<li id="section-6.1-3.2">Calculate q using the label and zk as defined in
<a href="#blinding" class="xref">Section 4.1</a>.<a href="#section-6.1-3.2" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.3">Perform a DHT query GET(q) to retrieve the RRBLOCK.<a href="#section-6.1-3.3" class="pilcrow">¶</a>
+<li id="section-6.1-3.3">Perform a DHT query GET(q) to retrieve the RRBLOCK.<a href="#section-6.1-3.3" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.4">Verify and process the RRBLOCK and decrypt the BDATA contained
+<li id="section-6.1-3.4">Verify and process the RRBLOCK and decrypt the BDATA contained
in it as defined in <a href="#recordencryption" class="xref">Section 4.3</a>.<a href="#section-6.1-3.4" class="pilcrow">¶</a>
</li>
- </ol>
+</ol>
<p id="section-6.1-4">
Upon receiving the RRBLOCK from the DHT, apart from verifying the
provided signature, the resolver MUST check that the authoritative
@@ -2067,7 +2151,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="record_processing">
<section id="section-6.2">
<h3 id="name-record-processing">
-<a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-record-processing" class="section-name selfRef">Record Processing</a>
+<a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-record-processing" class="section-name selfRef">Record Processing</a>
</h3>
<p id="section-6.2-1">
Record processing occurs at the end of a single recursion. We assume
@@ -2081,26 +2165,23 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
does not consist of a PKEY, CNAME or DNS2GNS record, the record set
is the result and the recursion is concluded.<a href="#section-6.2-2.1" class="pilcrow">¶</a>
</li>
- <li id="section-6.2-2.2">
+<li id="section-6.2-2.2">
Case 2:
If the name to be resolved is of the format
"_SERVICE._PROTO" and the record set contains one or more matching BOX
records, the records in the BOX records are the result and the recusion
is concluded (<a href="#box_processing" class="xref">Section 6.2.4</a>).<a href="#section-6.2-2.2" class="pilcrow">¶</a>
</li>
- <li id="section-6.2-2.3">
+<li id="section-6.2-2.3">
Case 3:
If the remainder of the name to resolve is not empty and
does not match the "_SERVICE._PROTO" syntax, then the current record set
- MUST consist of a single PKEY record
- (<a href="#pkey_processing" class="xref">Section 6.2.1</a>),
- a single CNAME record
- (<a href="#cname_processing" class="xref">Section 6.2.3</a>),
- or one or more GNS2DNS records
- (<a href="#gns2dns_processing" class="xref">Section 6.2.2</a>),
- which are processed
- as described in the respective sections below.
- Otherwise, resolution fails
+ MUST consist of a single PKEY record (<a href="#pkey_processing" class="xref">Section 6.2.1</a>),
+ a single CNAME record (<a href="#cname_processing" class="xref">Section 6.2.3</a>),
+ or one or more GNS2DNS records (<a href="#gns2dns_processing" class="xref">Section 6.2.2</a>),
+ which are processed as described in the respective sections below.
+ The record set may include any number of supplemental records.
+ Otherwise, resolution fails
and the resolver MUST return an empty record set.
Finally, after the recursion terminates, the client preferences
@@ -2109,11 +2190,11 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
SHOULD be converted (<a href="#vpn_processing" class="xref">Section 6.2.5</a>)
if possible.<a href="#section-6.2-2.3" class="pilcrow">¶</a>
</li>
- </ol>
+</ol>
<div id="pkey_processing">
<section id="section-6.2.1">
<h4 id="name-pkey-2">
-<a href="#section-6.2.1" class="section-number selfRef">6.2.1. </a><a href="#name-pkey-2" class="section-name selfRef">PKEY</a>
+<a href="#section-6.2.1" class="section-number selfRef">6.2.1. </a><a href="#name-pkey-2" class="section-name selfRef">PKEY</a>
</h4>
<p id="section-6.2.1-1">
When the resolver encounters a PKEY record and the remainder of
@@ -2133,7 +2214,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="gns2dns_processing">
<section id="section-6.2.2">
<h4 id="name-gns2dns-2">
-<a href="#section-6.2.2" class="section-number selfRef">6.2.2. </a><a href="#name-gns2dns-2" class="section-name selfRef">GNS2DNS</a>
+<a href="#section-6.2.2" class="section-number selfRef">6.2.2. </a><a href="#name-gns2dns-2" class="section-name selfRef">GNS2DNS</a>
</h4>
<p id="section-6.2.2-1">
When a resolver encounters one or more GNS2DNS records and the remaining name
@@ -2184,7 +2265,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="cname_processing">
<section id="section-6.2.3">
<h4 id="name-cname">
-<a href="#section-6.2.3" class="section-number selfRef">6.2.3. </a><a href="#name-cname" class="section-name selfRef">CNAME</a>
+<a href="#section-6.2.3" class="section-number selfRef">6.2.3. </a><a href="#name-cname" class="section-name selfRef">CNAME</a>
</h4>
<p id="section-6.2.3-1">
If a CNAME record is encountered, the canonical name is
@@ -2209,7 +2290,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="box_processing">
<section id="section-6.2.4">
<h4 id="name-box-2">
-<a href="#section-6.2.4" class="section-number selfRef">6.2.4. </a><a href="#name-box-2" class="section-name selfRef">BOX</a>
+<a href="#section-6.2.4" class="section-number selfRef">6.2.4. </a><a href="#name-box-2" class="section-name selfRef">BOX</a>
</h4>
<p id="section-6.2.4-1">
When a BOX record is received, a GNS resolver must unbox it if the
@@ -2223,7 +2304,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="vpn_processing">
<section id="section-6.2.5">
<h4 id="name-vpn-2">
-<a href="#section-6.2.5" class="section-number selfRef">6.2.5. </a><a href="#name-vpn-2" class="section-name selfRef">VPN</a>
+<a href="#section-6.2.5" class="section-number selfRef">6.2.5. </a><a href="#name-vpn-2" class="section-name selfRef">VPN</a>
</h4>
<p id="section-6.2.5-1">
At the end of the recursion,
@@ -2243,7 +2324,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="revocation">
<section id="section-7">
<h2 id="name-zone-revocation">
-<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-zone-revocation" class="section-name selfRef">Zone Revocation</a>
+<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-zone-revocation" class="section-name selfRef">Zone Revocation</a>
</h2>
<p id="section-7-1">
Whenever a recursive resolver encounters a new GNS zone, it MUST
@@ -2310,7 +2391,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="governance">
<section id="section-8">
<h2 id="name-determining-the-root-zone-a">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-determining-the-root-zone-a" class="section-name selfRef">Determining the Root Zone and Zone Governance</a>
+<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-determining-the-root-zone-a" class="section-name selfRef">Determining the Root Zone and Zone Governance</a>
</h2>
<p id="section-8-1">
The resolution of a GNS name must start in a given start zone
@@ -2395,7 +2476,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="security">
<section id="section-9">
<h2 id="name-security-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
+<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
</h2>
<p id="section-9-1">
TODO<a href="#section-9-1" class="pilcrow">¶</a></p>
@@ -2404,7 +2485,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div id="iana">
<section id="section-10">
<h2 id="name-iana-considerations">
-<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
+<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
</h2>
<p id="section-10-1">
This will be fun<a href="#section-10-1" class="pilcrow">¶</a></p>
@@ -2412,7 +2493,7 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
</div>
<section id="section-11">
<h2 id="name-test-vectors">
-<a href="#section-11" class="section-number selfRef">11. </a><a href="#name-test-vectors" class="section-name selfRef">Test Vectors</a>
+<a href="#section-11" class="section-number selfRef">11. </a><a href="#name-test-vectors" class="section-name selfRef">Test Vectors</a>
</h2>
<p id="section-11-1">
The following represents a test vector for a record of type MX with
@@ -2520,56 +2601,54 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
</section>
<section id="section-12">
<h2 id="name-normative-references">
-<a href="#section-12" class="section-number selfRef">12. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
+<a href="#section-12" class="section-number selfRef">12. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
</h2>
<dl class="references">
<dt id="RFC1034">[RFC1034]</dt>
- <dd>
+<dd>
<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain names - concepts and facilities"</span>, <span class="seriesInfo">STD 13</span>, <span class="seriesInfo">RFC 1034</span>, <span class="seriesInfo">DOI 10.17487/RFC1034</span>, <time datetime="1987-11">November 1987</time>, <span><<a href="https://www.rfc-editor.org/info/rfc1034">https://www.rfc-editor.org/info/rfc1034</a>></span>. </dd>
<dt id="RFC1035">[RFC1035]</dt>
- <dd>
+<dd>
<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain names - implementation and specification"</span>, <span class="seriesInfo">STD 13</span>, <span class="seriesInfo">RFC 1035</span>, <span class="seriesInfo">DOI 10.17487/RFC1035</span>, <time datetime="1987-11">November 1987</time>, <span><<a href="https://www.rfc-editor.org/info/rfc1035">https://www.rfc-editor.org/info/rfc1035</a>></span>. </dd>
-<dt id="RFC2119">[RFC2119]</dt>
- <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03">March 1997</time>, <span><<a href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>></span>. </dd>
<dt id="RFC2782">[RFC2782]</dt>
- <dd>
+<dd>
<span class="refAuthor">Gulbrandsen, A.</span><span class="refAuthor">, Vixie, P.</span><span class="refAuthor">, and L. Esibov</span>, <span class="refTitle">"A DNS RR for specifying the location of services (DNS SRV)"</span>, <span class="seriesInfo">RFC 2782</span>, <span class="seriesInfo">DOI 10.17487/RFC2782</span>, <time datetime="2000-02">February 2000</time>, <span><<a href="https://www.rfc-editor.org/info/rfc2782">https://www.rfc-editor.org/info/rfc2782</a>></span>. </dd>
+<dt id="RFC2119">[RFC2119]</dt>
+<dd>
+<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03">March 1997</time>, <span><<a href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>></span>. </dd>
<dt id="RFC3629">[RFC3629]</dt>
- <dd>
+<dd>
<span class="refAuthor">Yergeau, F.</span>, <span class="refTitle">"UTF-8, a transformation format of ISO 10646"</span>, <span class="seriesInfo">STD 63</span>, <span class="seriesInfo">RFC 3629</span>, <span class="seriesInfo">DOI 10.17487/RFC3629</span>, <time datetime="2003-11">November 2003</time>, <span><<a href="https://www.rfc-editor.org/info/rfc3629">https://www.rfc-editor.org/info/rfc3629</a>></span>. </dd>
<dt id="RFC3826">[RFC3826]</dt>
- <dd>
+<dd>
<span class="refAuthor">Blumenthal, U.</span><span class="refAuthor">, Maino, F.</span><span class="refAuthor">, and K. McCloghrie</span>, <span class="refTitle">"The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model"</span>, <span class="seriesInfo">RFC 3826</span>, <span class="seriesInfo">DOI 10.17487/RFC3826</span>, <time datetime="2004-06">June 2004</time>, <span><<a href="https://www.rfc-editor.org/info/rfc3826">https://www.rfc-editor.org/info/rfc3826</a>></span>. </dd>
<dt id="RFC5869">[RFC5869]</dt>
- <dd>
+<dd>
<span class="refAuthor">Krawczyk, H.</span><span class="refAuthor"> and P. Eronen</span>, <span class="refTitle">"HMAC-based Extract-and-Expand Key Derivation Function (HKDF)"</span>, <span class="seriesInfo">RFC 5869</span>, <span class="seriesInfo">DOI 10.17487/RFC5869</span>, <time datetime="2010-05">May 2010</time>, <span><<a href="https://www.rfc-editor.org/info/rfc5869">https://www.rfc-editor.org/info/rfc5869</a>></span>. </dd>
<dt id="RFC5890">[RFC5890]</dt>
- <dd>
+<dd>
<span class="refAuthor">Klensin, J.</span>, <span class="refTitle">"Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework"</span>, <span class="seriesInfo">RFC 5890</span>, <span class="seriesInfo">DOI 10.17487/RFC5890</span>, <time datetime="2010-08">August 2010</time>, <span><<a href="https://www.rfc-editor.org/info/rfc5890">https://www.rfc-editor.org/info/rfc5890</a>></span>. </dd>
<dt id="RFC5891">[RFC5891]</dt>
- <dd>
+<dd>
<span class="refAuthor">Klensin, J.</span>, <span class="refTitle">"Internationalized Domain Names in Applications (IDNA): Protocol"</span>, <span class="seriesInfo">RFC 5891</span>, <span class="seriesInfo">DOI 10.17487/RFC5891</span>, <time datetime="2010-08">August 2010</time>, <span><<a href="https://www.rfc-editor.org/info/rfc5891">https://www.rfc-editor.org/info/rfc5891</a>></span>. </dd>
<dt id="RFC6895">[RFC6895]</dt>
- <dd>
+<dd>
<span class="refAuthor">Eastlake 3rd, D.</span>, <span class="refTitle">"Domain Name System (DNS) IANA Considerations"</span>, <span class="seriesInfo">BCP 42</span>, <span class="seriesInfo">RFC 6895</span>, <span class="seriesInfo">DOI 10.17487/RFC6895</span>, <time datetime="2013-04">April 2013</time>, <span><<a href="https://www.rfc-editor.org/info/rfc6895">https://www.rfc-editor.org/info/rfc6895</a>></span>. </dd>
<dt id="RFC6979">[RFC6979]</dt>
- <dd>
+<dd>
<span class="refAuthor">Pornin, T.</span>, <span class="refTitle">"Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)"</span>, <span class="seriesInfo">RFC 6979</span>, <span class="seriesInfo">DOI 10.17487/RFC6979</span>, <time datetime="2013-08">August 2013</time>, <span><<a href="https://www.rfc-editor.org/info/rfc6979">https://www.rfc-editor.org/info/rfc6979</a>></span>. </dd>
<dt id="RFC7748">[RFC7748]</dt>
- <dd>
+<dd>
<span class="refAuthor">Langley, A.</span><span class="refAuthor">, Hamburg, M.</span><span class="refAuthor">, and S. Turner</span>, <span class="refTitle">"Elliptic Curves for Security"</span>, <span class="seriesInfo">RFC 7748</span>, <span class="seriesInfo">DOI 10.17487/RFC7748</span>, <time datetime="2016-01">January 2016</time>, <span><<a href="https://www.rfc-editor.org/info/rfc7748">https://www.rfc-editor.org/info/rfc7748</a>></span>. </dd>
-<dt id="RFC7914">[RFC7914]</dt>
- <dd>
-<span class="refAuthor">Percival, C.</span><span class="refAuthor"> and S. Josefsson</span>, <span class="refTitle">"The scrypt Password-Based Key Derivation Function"</span>, <span class="seriesInfo">RFC 7914</span>, <span class="seriesInfo">DOI 10.17487/RFC7914</span>, <time datetime="2016-08">August 2016</time>, <span><<a href="https://www.rfc-editor.org/info/rfc7914">https://www.rfc-editor.org/info/rfc7914</a>></span>. </dd>
<dt id="RFC8032">[RFC8032]</dt>
- <dd>
+<dd>
<span class="refAuthor">Josefsson, S.</span><span class="refAuthor"> and I. Liusvaara</span>, <span class="refTitle">"Edwards-Curve Digital Signature Algorithm (EdDSA)"</span>, <span class="seriesInfo">RFC 8032</span>, <span class="seriesInfo">DOI 10.17487/RFC8032</span>, <time datetime="2017-01">January 2017</time>, <span><<a href="https://www.rfc-editor.org/info/rfc8032">https://www.rfc-editor.org/info/rfc8032</a>></span>. </dd>
<dt id="TWOFISH">[TWOFISH]</dt>
- <dd>
-<span class="refAuthor">Schneier, B.</span>, <span class="refTitle">"
- The Twofish Encryptions Algorithm: A 128-Bit Block Cipher, 1st Edition
- "</span>, <time datetime="1999-03">March 1999</time>. </dd>
+<dd>
+<span class="refAuthor">Schneier, B.</span>, <span class="refTitle">"The Twofish Encryptions Algorithm: A 128-Bit Block Cipher, 1st Edition"</span>, <time datetime="1999-03">March 1999</time>. </dd>
+<dt id="RFC7914">[RFC7914]</dt>
+<dd>
+<span class="refAuthor">Percival, C.</span><span class="refAuthor"> and S. Josefsson</span>, <span class="refTitle">"The scrypt Password-Based Key Derivation Function"</span>, <span class="seriesInfo">RFC 7914</span>, <span class="seriesInfo">DOI 10.17487/RFC7914</span>, <time datetime="2016-08">August 2016</time>, <span><<a href="https://www.rfc-editor.org/info/rfc7914">https://www.rfc-editor.org/info/rfc7914</a>></span>. </dd>
</dl>
</section>
<div id="authors-addresses">
@@ -2594,7 +2673,8 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<div dir="auto" class="left"><span class="fn nameRole">Christian Grothoff</span></div>
<div dir="auto" class="left"><span class="org">Berner Fachhochschule</span></div>
<div dir="auto" class="left"><span class="street-address">Hoeheweg 80</span></div>
-<div dir="auto" class="left">CH-<span class="postal-code">2501</span> <span class="locality">Biel/Bienne</span>
+<div dir="auto" class="left">
+<span class="postal-code">2501</span> <span class="locality">Biel/Bienne</span>
</div>
<div dir="auto" class="left"><span class="country-name">Switzerland</span></div>
<div class="email">
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -63,7 +63,7 @@ Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Resource Records . . . . . . . . . . . . . . . . . . . . . . 4
- 3.1. Record Types . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1. Record Types . . . . . . . . . . . . . . . . . . . . . . 6
3.2. PKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.3. GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.4. LEHO . . . . . . . . . . . . . . . . . . . . . . . . . . 7
@@ -238,7 +238,7 @@ Internet-Draft The GNU Name System November 2019
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
Figure 2
@@ -258,19 +258,19 @@ Internet-Draft The GNU Name System November 2019
from the DHT, but might be present when a resolver looks up
private records of a zone hosted locally.
+ SUPPL This is supplemental record. It is provided in addition to
+ the other records. This flag indicates that this record is not
+ explicitly managed alongside the other records under the
+ respective name but may be useful for the application. This flag
+ should only be encountered by a resolver for records obtained from
+ the DHT.
+
PRIVATE This is a private record of this peer and it should thus not
be published in the DHT. Thus, this flag should never be
encountered by a resolver for records obtained from the DHT.
Private records should still be considered just like regular
records when resolving labels in local zones.
-3.1. Record Types
-
- GNS-specific record type numbers start at 2^16, i.e. after the record
- type numbers for DNS. The following is a list of defined and
- reserved record types in GNS:
-
-
@@ -282,6 +282,12 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 5]
Internet-Draft The GNU Name System November 2019
+3.1. Record Types
+
+ GNS-specific record type numbers start at 2^16, i.e. after the record
+ type numbers for DNS. The following is a list of defined and
+ reserved record types in GNS:
+
Number | Type | Comment
------------------------------------------------------------
65536 | PKEY | GNS delegation
@@ -327,12 +333,6 @@ Internet-Draft The GNU Name System November 2019
-
-
-
-
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 6]
Internet-Draft The GNU Name System November 2019
@@ -405,8 +405,8 @@ Internet-Draft The GNU Name System November 2019
is a suggestion to other zones what label to use when creating a PKEY
Section 3.2 record containing this zone's public zone key. This
record SHOULD only be stored under the empty label "@" but MAY be
- returned with record sets under any label. A NICK DATA entry has the
- following format:
+ returned with record sets under any label as a supplemental record.
+ A NICK DATA entry has the following format:
0 8 16 24 32 40 48 56
+-----+-----+-----+-----+-----+-----+-----+-----+
@@ -581,14 +581,14 @@ Internet-Draft The GNU Name System November 2019
4.2. Resource Records Block
GNS records are grouped by their labels and published as a single
- block in the DHT. The contained resource records are encrypted using
- a symmetric encryption scheme. A GNS implementation must publish
- RRBLOCKs in accordance to the properties and recommendations of the
- underlying DHT. This may include a periodic refresh publication. A
- GNS RRBLOCK has the following format:
-
-
-
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See Section 3). The contained resource
+ records are encrypted using a symmetric encryption scheme. A GNS
+ implementation must publish RRBLOCKs in accordance to the properties
+ and recommendations of the underlying DHT. This may include a
+ periodic refresh publication. A GNS RRBLOCK has the following
+ format:
@@ -734,9 +734,9 @@ Internet-Draft The GNU Name System November 2019
resource records which are following after this field in network
byte order.
- EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA These fields were defined in
- the resource record format in Section 3. There MUST be a total of
- RR COUNT of these resource records present.
+ EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA These fields were
+ defined in the resource record format in Section 3. There MUST be
+ a total of RR COUNT of these resource records present.
PADDING The padding MUST contain the value 0 in all octets. The
padding MUST ensure that the size of the RDATA WITHOUT the RR
@@ -887,9 +887,9 @@ Internet-Draft The GNU Name System November 2019
record set MUST consist of a single PKEY record (Section 6.2.1),
a single CNAME record (Section 6.2.3), or one or more GNS2DNS
records (Section 6.2.2), which are processed as described in the
- respective sections below. Otherwise, resolution fails and the
+ respective sections below. The record set may include any number
+ of supplemental records. Otherwise, resolution fails and the
resolver MUST return an empty record set. Finally, after the
- recursion terminates, the client preferences for the record type
@@ -898,6 +898,7 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 16]
Internet-Draft The GNU Name System November 2019
+ recursion terminates, the client preferences for the record type
SHOULD be considered. If a VPN record is found and the client
requests an A or AAAA record, the VPN record SHOULD be converted
(Section 6.2.5) if possible.
@@ -944,8 +945,7 @@ Internet-Draft The GNU Name System November 2019
the GNS resolver MUST support recursive resolution and MUST NOT
delegate this to the authoritative DNS servers. The first successful
recursive name resolution result is returned to the client. In
- addition, the resolver returns the queried DNS name as a LEHO record
- (Section 3.4) with a relative expiration time of one hour.
+
@@ -954,6 +954,9 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 17]
Internet-Draft The GNU Name System November 2019
+ addition, the resolver returns the queried DNS name as a LEHO record
+ (Section 3.4) with a relative expiration time of one hour.
+
GNS resolvers SHOULD offer a configuration option to disable DNS
processing to avoid information leakage and provide a consistent
security profile for all name resolutions. Such resolvers would
@@ -1002,9 +1005,6 @@ Internet-Draft The GNU Name System November 2019
-
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 18]
Internet-Draft The GNU Name System November 2019
@@ -1294,16 +1294,16 @@ Internet-Draft The GNU Name System November 2019
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>.
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119,
- DOI 10.17487/RFC2119, March 1997,
- <https://www.rfc-editor.org/info/rfc2119>.
-
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
DOI 10.17487/RFC2782, February 2000,
<https://www.rfc-editor.org/info/rfc2782>.
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <https://www.rfc-editor.org/info/rfc3629>.
@@ -1350,10 +1350,6 @@ Internet-Draft The GNU Name System November 2019
for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>.
- [RFC7914] Percival, C. and S. Josefsson, "The scrypt Password-Based
- Key Derivation Function", RFC 7914, DOI 10.17487/RFC7914,
- August 2016, <https://www.rfc-editor.org/info/rfc7914>.
-
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017,
@@ -1362,6 +1358,10 @@ Internet-Draft The GNU Name System November 2019
[TWOFISH] Schneier, B., "The Twofish Encryptions Algorithm: A
128-Bit Block Cipher, 1st Edition", March 1999.
+ [RFC7914] Percival, C. and S. Josefsson, "The scrypt Password-Based
+ Key Derivation Function", RFC 7914, DOI 10.17487/RFC7914,
+ August 2016, <https://www.rfc-editor.org/info/rfc7914>.
+
Authors' Addresses
Martin Schanzenbach
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -239,7 +239,7 @@
<artwork name="" type="" align="left" alt=""><![CDATA[
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
]]></artwork>
<!-- <postamble>which is a very simple example.</postamble>-->
@@ -263,6 +263,16 @@
for records obtained from the DHT, but might be present when a resolver looks up
private records of a zone hosted locally.
</dd>
+ <dt>
+ SUPPL
+ </dt>
+ <dd>
+ This is supplemental record. It is provided in addition to the
+ other records. This flag indicates that this record is not explicitly
+ managed alongside the other records under the respective name but
+ may be useful for the application. This flag should only be encountered
+ by a resolver for records obtained from the DHT.
+ </dd>
<dt>PRIVATE</dt>
<dd>
This is a private record of this peer and it should thus not be
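Review bot: The SUPPL definition states where the flag is expected ("should only be encountered by a resolver for records obtained from the DHT") but not how a resolver or application is to treat the record once it has it, so a record attached as supplemental under some label (the NICK case this commit adds later) has no stated trust status relative to the records actually managed under that label. Since the RRBLOCK hunk in this commit lets any record set be paired with "any number of supplemental records", the definition is the place to say whether they are authoritative for the label or only informational; one option is to append `A supplemental record is informational: a resolver MUST NOT treat it as authoritative for the label it is returned under and MAY discard it.`, adjusted to whatever the authors intend. Minor: `This is supplemental record.` should read `This is a supplemental record.`, and the definitions here use lowercase "should", so if BCP 14 force is intended the keyword needs capitalising.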
@@ -404,13 +414,14 @@
</section>
<section anchor="gnsrecords_nick" numbered="true" toc="default">
<name>NICK</name>
- <t>Nickname records can be used by zone administrators to publish an
+ <t>
+ Nickname records can be used by zone administrators to publish an
indication on what label this zone prefers to be referred to.
This is a suggestion to other zones what label to use when creating a
PKEY <xref target="gnsrecords_pkey" /> record containing this zone's
public zone key.
- This record SHOULD only be stored under the empty label "@" but
- MAY be returned with record sets under any label.
+ This record SHOULD only be stored under the empty label "@" but MAY be
+ returned with record sets under any label as a supplemental record.
A NICK DATA entry has the following format:
</t>
<figure anchor="figure_nickrecord">
@@ -614,7 +625,9 @@
<name>Resource Records Block</name>
<t>
GNS records are grouped by their labels and published as a single
- block in the DHT.
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See <xref target="rrecords"/>).
The contained resource records are encrypted using a symmetric
encryption scheme.
A GNS implementation must publish RRBLOCKs
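Review bot: The added sentence mixes keyword registers: `MAY be paired` is a BCP 14 keyword while `Supplemental records must have the supplemental flag set` is lowercase, which leaves it ambiguous whether an RRBLOCK carrying an unflagged extra record is non-conformant. Suggest `Supplemental records MUST have the SUPPL flag set (see <xref target="rrecords"/>).`, naming the flag by its identifier from Figure 2 so the requirement can be checked against the FLAGS field. The record-processing hunk that follows (`The record set may include any number of supplemental records.`) has the same lowercase "may"; that hunk runs past the end of the view, so I have not reviewed it in full.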
@@ -923,15 +936,12 @@
Case 3:
If the remainder of the name to resolve is not empty and
does not match the "_SERVICE._PROTO" syntax, then the current record set
- MUST consist of a single PKEY record
- (<xref target="pkey_processing" />),
- a single CNAME record
- (<xref target="cname_processing" />),
- or one or more GNS2DNS records
- (<xref target="gns2dns_processing" />),
- which are processed
- as described in the respective sections below.
- Otherwise, resolution fails
+ MUST consist of a single PKEY record (<xref target="pkey_processing" />),
+ a single CNAME record (<xref target="cname_processing" />),
+ or one or more GNS2DNS records (<xref target="gns2dns_processing" />),
+ which are processed as described in the respective sections below.
+ The record set may include any number of supplemental records.
+ Otherwise, resolution fails
and the resolver MUST return an empty record set.
Finally, after the recursion terminates, the client preferences