commit d922bc4c8b4860975cc44edac2690cb70319a842
parent 6516229db4b593de20eb0558e93a22fd8b0f504f
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 1 Jul 2023 00:35:25 +0200
fix English
Diffstat:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -2640,14 +2640,15 @@ NICK: john (supplemental)
<name>Zone Management</name>
<t>
In GNS, zone administrators need to manage and protect their zone
- keys. Once a zone key is lost, it cannot be recovered or revoked.
+ keys. Once a private zone key is lost, it cannot be recovered and
+ the zone revocation message cannot be computed anymore.
Revocation messages can be pre-calculated if revocation is
- required in case a zone key is lost.
+ required in case a private zone key is lost.
Zone administrators, and for GNS this includes end-users, are
required to responsibly and diligently protect their cryptographic
keys.
GNS supports signing records in advance ("offline") in order to
- support processes which aim to protect private keys such as air gaps.
+ support processes (such as air gaps) which aim to protect private keys.
<!-- It does not support separate zone signing and key-signing keys
(as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer -->
</t>
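Review bot: The sentence kept across the second and third changed lines, "Revocation messages can be pre-calculated if revocation is required in case a private zone key is lost.", still reads circularly. It now directly follows the new statement that the revocation message "cannot be computed anymore", so the reader has to infer that pre-calculation must happen while the private zone key is still available. Suggest stating that ordering explicitly, for example: "To remain able to revoke a zone after its private zone key is lost, the revocation message can be pre-calculated while the key is still available." Separately, "lost" in the changed lines reads as loss of access only. If the paragraph is also meant to cover a key that is disclosed to someone else, say so, because the surrounding text about protecting keys suggests both cases matter.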