diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-05 16:34:52 +0200 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-05 16:34:52 +0200 |
| commit | 04ac3a5a25f422027201de9c1f35d7e56d9ca05b (patch) | |
| tree | 028962ab4aea2b3b8f63d8c4ba4e53fddf4cc7a7 | |
| parent | 8e684c59d2ba8cd839be2a0bbf21201aec3f910b (diff) | |
| download | lsd0001-04ac3a5a25f422027201de9c1f35d7e56d9ca05b.tar.gz lsd0001-04ac3a5a25f422027201de9c1f35d7e56d9ca05b.zip | |
finish first pass
| -rw-r--r-- | draft-schanzen-gns.xml | 7 | ||||
| -rw-r--r-- | rs_review_202204.txt | 19 |
2 files changed, 13 insertions, 13 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 50f71cd..1f0ef16 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -2534,7 +2534,9 @@ NICK: john (Supplemental) | |||
| 2534 | by having the respective domains seized by authorities. | 2534 | by having the respective domains seized by authorities. |
| 2535 | However, the same mechanisms can also be abused in order to impose | 2535 | However, the same mechanisms can also be abused in order to impose |
| 2536 | state censorship, which is one of the motivations behind GNS. | 2536 | state censorship, which is one of the motivations behind GNS. |
| 2537 | Hence, such a seizure is, by design, difficult to impossible in GNS. | 2537 | In GNS, TLDs are not enumerable. By design, the start zone of |
| 2538 | the resolver is defined locally and hence such a seizure is | ||
| 2539 | difficult and ineffective in GNS. | ||
| 2538 | <!--In particular, GNS does not support WHOIS (<xref target="RFC3912" />).--> | 2540 | <!--In particular, GNS does not support WHOIS (<xref target="RFC3912" />).--> |
| 2539 | </t> | 2541 | </t> |
| 2540 | </section> | 2542 | </section> |
| @@ -2548,7 +2550,8 @@ NICK: john (Supplemental) | |||
| 2548 | Zone administrators, and for GNS this includes end-users, are | 2550 | Zone administrators, and for GNS this includes end-users, are |
| 2549 | required to responsibly and diligently protect their cryptographic | 2551 | required to responsibly and diligently protect their cryptographic |
| 2550 | keys. | 2552 | keys. |
| 2551 | GNS supports offline signing of records. | 2553 | GNS supports signing records in advance ("offline") in order to |
| 2554 | support processes which aim to protect private keys such as air gaps. | ||
| 2552 | <!-- It does not support separate zone signing and key-signing keys | 2555 | <!-- It does not support separate zone signing and key-signing keys |
| 2553 | (as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer --> | 2556 | (as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer --> |
| 2554 | </t> | 2557 | </t> |
diff --git a/rs_review_202204.txt b/rs_review_202204.txt index 3b28856..e6e8e34 100644 --- a/rs_review_202204.txt +++ b/rs_review_202204.txt | |||
| @@ -14,7 +14,7 @@ Some people might be offended by "limiting" IANA registrations (e.g., Sec 5.3.3' | |||
| 14 | 14 | ||
| 15 | This seems incomplete, since an implementation needs to be able to talk to remote storage (i.e., the GET in sec 7ff), and that is not defined. Does the storage need to be globally consistent? What if two views diverge? Suggest you discuss that. Somewhat addressed in section 9.5, should be joined with the other global storage sections in my view. Okay if you disagree. | 15 | This seems incomplete, since an implementation needs to be able to talk to remote storage (i.e., the GET in sec 7ff), and that is not defined. Does the storage need to be globally consistent? What if two views diverge? Suggest you discuss that. Somewhat addressed in section 9.5, should be joined with the other global storage sections in my view. Okay if you disagree. |
| 16 | 16 | ||
| 17 | ======= TODO address this somehow? | 17 | ======= We think 9.5 is good enough |
| 18 | 18 | ||
| 19 | Some minor items, or nits, follow. None of them, in my view, are intended to block publication. | 19 | Some minor items, or nits, follow. None of them, in my view, are intended to block publication. |
| 20 | 20 | ||
| @@ -37,7 +37,7 @@ In the "Name" definition, do you mean "applications MAY *require* that ... "? | |||
| 37 | 37 | ||
| 38 | Using "Zone type" as the term for cipher and encoding seemed strange to me, why not "Zone Representation" or something shorter? One or two examples before the terms, with text identifying the parts in the definition, would be helpful. | 38 | Using "Zone type" as the term for cipher and encoding seemed strange to me, why not "Zone Representation" or something shorter? One or two examples before the terms, with text identifying the parts in the definition, would be helpful. |
| 39 | 39 | ||
| 40 | ===== Unclear. | 40 | ===== Unclear, should the terminology be moved? |
| 41 | 41 | ||
| 42 | Sec 3, "cryptographically secured zones" is redundant, aren't all zones cryptographically secured? | 42 | Sec 3, "cryptographically secured zones" is redundant, aren't all zones cryptographically secured? |
| 43 | 43 | ||
| @@ -111,22 +111,19 @@ Sec 9.3 seems very important. Somewhere up near the front you should forward-li | |||
| 111 | 111 | ||
| 112 | Sec 9.4, it's difficult because it requires law enforcement, etc., to get the private key? Is that really so hard? https://xkcd.com/538/ | 112 | Sec 9.4, it's difficult because it requires law enforcement, etc., to get the private key? Is that really so hard? https://xkcd.com/538/ |
| 113 | 113 | ||
| 114 | ==== No, because of the user-centric design for delegations. TODO: Clarify again in text? | 114 | ===== A misunderstanding that this is related to the private keys. Added a reasoning. |
| 115 | Because in GNS a zone does not necessarily have a single/unique parent zone. | ||
| 116 | The top-level domains are not enumerable. | ||
| 117 | The as the root zone is defined locally it is not enumerable. | ||
| 118 | 115 | ||
| 119 | Sec 9.5, "offline signing of records" not quite sure, maybe a better word, but I cannot think of one. | 116 | Sec 9.5, "offline signing of records" not quite sure, maybe a better word, but I cannot think of one. |
| 120 | 117 | ||
| 118 | ==== Signing of records in advance ("offline") | ||
| 119 | |||
| 121 | Sec 9.6, this belongs with Sec 6 I think. Should the DHT be part of the zone type? | 120 | Sec 9.6, this belongs with Sec 6 I think. Should the DHT be part of the zone type? |
| 122 | 121 | ||
| 123 | ==== That is an interesting question! | 122 | ==== That is an interesting question! We could introduce STORAGE record which defined the storage type. Example: Storage: Typenum (GANA) + Metadata e.g. 3294 (REST) + "https://example.com". OR 0 => R5N/GNUnet w/o metadata |
| 124 | ==== Introduce STORAGE record which defined the storage type. "Default": GNUnet. | 123 | ==== But, this would require a "glue" from the delegating zone: The zone owner must know the storages where the delegated zone exists. Any changes will have delays/inconsistencies. We decided to document this for a possible update of the protocol if the need arises. For now, it would be too complex and there is no real use case for this. |
| 125 | ==== Storage: Typenum (GANA) + Metadata e.g. 3294 (REST) + "https://example.com". OR 0 => R5N/GNUnet w/o metadata | ||
| 126 | ==== Or rather not? | ||
| 127 | 124 | ||
| 128 | Sec 9.7 is good. | 125 | Sec 9.7 is good. |
| 129 | 126 | ||
| 130 | Sec 12, last sentence of paragraph 1. "given that they are built on top of the same underlying DHT storage." Does that mean *any* implementation should interoperate? Does an implementation *have to use* the DHT storage? | 127 | Sec 12, last sentence of paragraph 1. "given that they are built on top of the same underlying DHT storage." Does that mean *any* implementation should interoperate? Does an implementation *have to use* the DHT storage? |
| 131 | 128 | ||
| 132 | ===== Fixed. Only If. | 129 | ===== Fixed: Only If. |