LSD0001: GNU Name System

commit f71e8c7dc20fe5953debe54b07e5323902904f28
parent db5a9eea578f58ecc6896589602f54483b76a5fb
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri, 30 Jun 2023 23:30:36 +0200

resolve internal contradictions with 9.3

Diffstat:
M draft-schanzen-gns.xml | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -1797,7 +1797,7 @@ GET(key) -> block records in blocks. An implementation <bcp14>MUST</bcp14> use the PUT storage procedure when record sets change to update the zone contents. Implementations - <bcp14>SHOULD</bcp14> ensure that the EXPIRATION fields of RRBLOCKs + <bcp14>MUST</bcp14> ensure that the EXPIRATION fields of RRBLOCKs increases strictly monotonically for every change, even if the smallest expiration time of records in the block does not. </t> @@ -2008,10 +2008,11 @@ q := SHA-512 (ZKDF(zk, label)) Specifies when the RRBLOCK expires and the encrypted block <bcp14>SHOULD</bcp14> be removed from the storage and caches as it is likely stale. However, applications <bcp14>MAY</bcp14> continue to use non-expired individual - records until they expire. The value <bcp14>MUST</bcp14> be set to the - expiration time of the resource record contained within this block with the - smallest expiration time. - If a records block includes shadow records, then the maximum + records until they expire. The value <bcp14>MUST</bcp14> be set to the maximum of + the expiration time of the resource record contained within this block with the + smallest expiration time and the previous EXPIRATION value (if any) plus one + to ensure monotonicity (see <xref target="security_cryptography" />) + If the RDATA includes shadow records, then the maximum expiration time of all shadow records with matching type and the expiration times of the non-shadow records is considered. This is a 64-bit absolute date in microseconds since midnight @@ -2019,7 +2020,9 @@ q := SHA-512 (ZKDF(zk, label)) </dd> <dt>BDATA</dt> <dd> - The encrypted RDATA. Its ultimate size and content are determined by + The encrypted RDATA computed using S-Encrypt() with the + zone key, label and expiration time as additional inputs. + Its ultimate size and content are determined by the S-Encrypt() function of the ztype. </dd> </dl>
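Review bot: In the hunk at @@ -1797, raising the requirement to MUST makes strict monotonicity of EXPIRATION mandatory, but the paragraph does not say what an implementation is expected to do when it no longer has the previous EXPIRATION value for a block; the EXPIRATION definition in the next hunk only says "(if any)". Consider stating that the previous value has to be retained across changes, or what applies when it is unavailable. The context line "EXPIRATION fields of RRBLOCKs increases" should also read "increase".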
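Review bot: In the hunk at @@ -2008, the added sentence has no terminating period after the closing parenthesis of the xref, so it runs straight into "If the RDATA includes shadow records". The "maximum of ... and ... plus one" wording is also hard to parse; consider spelling it out as the maximum of (a) the smallest expiration time among the records in the block and (b) the previous EXPIRATION value plus one, and state that "plus one" means one microsecond, since the field is defined a few lines below as an absolute date in microseconds.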
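Review bot: In the hunk at @@ -2019, "as additional inputs" does not say what the primary input is; naming the RDATA as the plaintext input would make the BDATA definition self-contained. The sentence that follows still ends with "the S-Encrypt() function of the ztype", so S-Encrypt() is now introduced twice in one definition and the ztype qualifier appears only on the second mention; consider moving "of the ztype" to the first mention and shortening the second sentence accordingly.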