changed wording more for private zone key to private key

1 files changed, 43 insertions, 43 deletions

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 6effff4..987082e 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -191,7 +191,7 @@
        using a blinded public/private key pair.
        This blinding is realized using a deterministic key
        derivation from
-       the original public and private zone keys using record label values.
+       the original zone key and corresponding private key using record label values.
        Specifically, the zone owner can derive private keys for each record
        set published under a label, and a
        resolver can derive the corresponding public keys.
@@ -207,12 +207,12 @@
        Names in GNS are domain names as defined in <xref target="RFC8499"/>.
        Starting from a configurable root zone, names are resolved following zone
        delegations which are recursively queried from the storage (<xref target="resolution"/>).
-       Without knowledge of the label values and the zone public keys, the
+       Without knowledge of the label values and the zone keys, the
        different derived keys are unlinkable both to the original key and to each
        other.
        This prevents zone enumeration and requires knowledge
-       of both the public zone key and the label to confirm affiliation with a
-       specific zone. At the same time, the blinded zone public key provides
+       of both the zone key and the label to confirm affiliation with a
+       specific zone. At the same time, the blinded zone key provides
        resolvers
        with the ability to verify the integrity of the published information
        without disclosing the originating zone.
@@ -246,7 +246,7 @@
          delegation into a zone of this type.
        </t>
        <t>
-         For any zone, d is the private zone key. zk is the public zone key.
+         For any zone, d is the private key. zk is the zone key.
          The specific formats depends on the zone type.
          The creation of zone keys for the default zone types are specified in
          <xref target="gnsrecords_delegation"/>.
@@ -257,21 +257,21 @@
      <dl>
        <dt>Private-KeyGen() -> d</dt>
        <dd>
-         is a function to generate a fresh private zone key d.
+         is a function to generate a fresh private key d.
        </dd>
        <dt>Public-KeyGen(d) -> zk</dt>
        <dd>
-         is a function to derive a public zone key zk from a private key d.
+         is a function to derive a zone key zk from a private key d.
        </dd>
        <dt>ZKDF-Private(d,label) -> d'</dt>
        <dd>
-         is a zone key derivation function which blinds a private zone key d
+         is a zone key derivation function which blinds a private key d
          using label, resulting in another private key which
          can be used to create cryptographic signatures.
        </dd>
        <dt>ZKDF-Public(zk,label) -> zk'</dt>
        <dd>
-         is a zone key derivation function which blinds a public zone key zk
+         is a zone key derivation function which blinds a zone key zk
          using a label. zk and zk' must be unlinkable. Furthermore,
          blinding zk with different values for the label must result
          in unlinkable different resulting values for zk'.
@@ -279,7 +279,7 @@
        <dt>S-Encrypt(zk,label,nonce,expiration,message) -> ciphertext</dt>
        <dd>
          is a deterministic symmetric encryption function which encrypts the record
-         data based on key material derived from the public zone key,
+         data based on key material derived from the zone key,
          a label, a nonce and an expiration.
          In order to leverage performance-enhancing caching features of certain
          underlying storages, in particular DHTs, a deterministic encryption
@@ -288,7 +288,7 @@
        <dt>S-Decrypt(zk,label,nonce,expiration,ciphertext) -> message</dt>
        <dd>
          is a symmetric encryption function which decrypts the encrypted record
-         data based on key material derived from the public zone key,
+         data based on key material derived from the zone key,
          a label, a nonce an expiration.
        </dd>
        <dt>Sign(d',message) -> signature</dt>
@@ -311,14 +311,14 @@
        <name>Zone ID</name>
 
        <t>The zone ID zid is a unique public identifier of a zone.
-         It consists of the ztype and the public zone key zk.
+         It consists of the ztype and the zone key zk.
          The wire format is illustrated in <xref target="figure_zid"/>.
        </t>
      <figure anchor="figure_zid">
        <artwork name="" type="" align="left" alt=""><![CDATA[
 0     8     16    24    32    40    48    56
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|       ZONE TYPE       |      ZONE PUBLIC KEY  /
+|       ZONE TYPE       |      ZONE KEY         /
 +-----+-----+-----+-----+                       /
 /                                               /
 /                                               /
@@ -418,7 +418,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
        <t>
          In order to revoke a zone key, a signed revocation object MUST be
          published.
-         This object MUST be signed using the private zone key.
+         This object MUST be signed using the private key.
          The revocation object is broadcast to the network.
          The specification of the broadcast mechanism is out of scope of this
          document.
@@ -468,7 +468,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
 +-----------------------------------------------+
 |                   TIMESTAMP                   |
 +-----------------------------------------------+
-|       ZONE TYPE       |    ZONE PUBLIC KEY    |
+|       ZONE TYPE       |    ZONE KEY           |
 +-----+-----+-----+-----+                       |
 /                                               /
 /                                               /
@@ -491,7 +491,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
          <dd>
            is the 32-bit zone type.
          </dd>
-         <dt>ZONE PUBLIC KEY</dt>
+         <dt>ZONE KEY</dt>
          <dd>
            is the 256-bit public key zk of the zone which is being revoked.
            The wire format of this value is defined in <xref target="RFC8032" />,
@@ -544,7 +544,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                     POW_Z-1                   |
 +-----------------------------------------------+
-|       ZONE TYPE       |    ZONE PUBLIC KEY    |
+|       ZONE TYPE       |    ZONE KEY           |
 +-----+-----+-----+-----+                       |
 /                                               /
 /                                               /
@@ -584,19 +584,19 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
          </dd>
          <dt>ZONE TYPE</dt>
          <dd>
-           The 32-bit zone type corresponding to the zone public key.
+           The 32-bit zone type corresponding to the zone key.
          </dd>
-         <dt>ZONE PUBLIC KEY</dt>
+         <dt>ZONE KEY</dt>
          <dd>
            is the public key zk of the zone which is being revoked and
            the key to be used to verify SIGNATURE.
          </dd>
          <dt>SIGNATURE</dt>
          <dd>
-           A signature over a timestamp and the public zone zk of the zone
+           A signature over a timestamp and the zone zk of the zone
            which is revoked and corresponds to the key used in the PoW.
            The signature is created using the Sign() function of
-           the cryptosystem of the zone and the private zone key
+           the cryptosystem of the zone and the private key
            (see <xref target="ztype" />).
          </dd>
        </dl>
@@ -614,7 +614,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                   TIMESTAMP                   |
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|       ZONE TYPE       |     ZONE PUBLIC KEY   |
+|       ZONE TYPE       |     ZONE KEY          |
 +-----+-----+-----+-----+                       |
 /                                               /
 /                                               /
@@ -635,9 +635,9 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
          </dd>
          <dt>ZONE TYPE</dt>
          <dd>
-           The 32-bit zone type corresponding to the zone public key.
+           The 32-bit zone type corresponding to the zone key.
          </dd>
-         <dt>ZONE PUBLIC KEY / TIMESTAMP</dt>
+         <dt>ZONE KEY / TIMESTAMP</dt>
          <dd>Both values as defined in the revocation data object above.</dd>
        </dl>
        <t>
@@ -835,12 +835,12 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
        <dl>
          <dt>d</dt>
          <dd>
-           is a 256-bit ECDSA private zone key. The generation of the private
+           is a 256-bit ECDSA private key. The generation of the private
            scalar as defined in Section 2.2. of <xref target="RFC6979" /> represents the Private-KeyGen() function.
          </dd>
          <dt>zk</dt>
          <dd>
-           is the ECDSA public zone key corresponding to d. Its generation is
+           is the ECDSA zone key corresponding to d. Its generation is
            defined in Section 2.2. of <xref target="RFC6979" /> as the curve point d*G where G
            is the group generator of the elliptic curve.
            This generation represents the Public-KeyGen(d) function.
@@ -889,7 +889,7 @@ zk' := h mod L * zk
          <xref target="RFC5869" />, using HMAC-SHA512 for the extraction
          phase and HMAC-SHA256 for the expansion phase.
          PRK_h is key material retrieved using an HKDF using the string
-         "key-derivation" as salt and the public zone key as initial
+         "key-derivation" as salt and the zone key as initial
          keying material.
          h is the 512-bit HKDF expansion result and must be interpreted in
          network byte order. The expansion information input is
@@ -998,7 +998,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
          <dl>
            <dt>d</dt>
            <dd>
-             is a 256-bit EdDSA private zone key. The generation as defined
+             is a 256-bit EdDSA private key. The generation as defined
              in Section 3.2. of <xref target="RFC8032" /> and represents the Private-KeyGen()
              function.
            </dd>
@@ -1009,7 +1009,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
            </dd>
            <dt>zk</dt>
            <dd>
-             is the EdDSA public zone key corresponding to d. It is defined in
+             is the EdDSA public key corresponding to d. It is defined in
              Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the
              group generator of the elliptic curve and a is an integer
              derived from d using the SHA512 hash function.
@@ -1072,14 +1072,14 @@ zk' := h * zk
            <xref target="RFC5869" />, using HMAC-SHA512 for the extraction
            phase and HMAC-SHA256 for the expansion phase.
            PRK_h is key material retrieved using an HKDF using the string
-           "key-derivation" as salt and the public zone key as initial
+           "key-derivation" as salt and the zone key as initial
            keying material.
            The blinding factor h is the 512-bit HKDF expansion result.
            The expansion information input is
            a concatenation of the label and the string "gns".
            The result of the HKDF must be clamped and interpreted in network
            byte order.
-           a is the 256-bit integer corresponding to the 256-bit private zone
+           a is the 256-bit integer corresponding to the 256-bit private 
            key d.
            The label is a UTF-8 string under which the resource records are
            published.
@@ -1273,7 +1273,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
          the label that a zone prefers to have used when it is referred to.
          This is a suggestion to other zones what label to use when creating a
          delegation record (<xref target="gnsrecords_delegation" />) containing
-         this zone's public zone key.
+         this zone key.
          This record SHOULD only be stored under the empty label "@" but MAY be
          returned with record sets under any label as a supplemental record.
          <xref target="nick_processing"/> details how a resolver must process
@@ -1452,13 +1452,13 @@ q := SHA512 (HDKD-Public(zk, label))
          </dd>
          <dt>zk</dt>
          <dd>
-           is the public zone key.
+           is the zone key.
          </dd>
          <dt>q</dt>
          <dd>
            Is the 512-bit storage key under which the resource records block is
            published.
-           It is the SHA512 hash over the derived public zone key.
+           It is the SHA512 hash over the derived zone key.
          </dd>
        </dl>
      </section>
@@ -1481,7 +1481,7 @@ q := SHA512 (HDKD-Public(zk, label))
          <artwork name="" type="" align="left" alt=""><![CDATA[
 0     8     16    24    32    40    48    56
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|       ZONE TYPE       |    ZONE PUBLIC KEY    |
+|       ZONE TYPE       |    ZONE KEY           |
 +-----+-----+-----+-----+       (BLINDED)       |
 /                                               /
 /                                               /
@@ -1508,9 +1508,9 @@ q := SHA512 (HDKD-Public(zk, label))
          <dd>
            is the 32-bit zone type.
          </dd>
-         <dt>ZONE PUBLIC KEY</dt>
+         <dt>ZONE KEY</dt>
          <dd>
-           is the blinded public zone key "ZKDF-Public(zk, label)"
+           is the blinded zone key "ZKDF-Public(zk, label)"
            to be used to verify SIGNATURE.
          </dd>
          <dt>SIGNATURE</dt>
@@ -1635,7 +1635,7 @@ q := SHA512 (HDKD-Public(zk, label))
      </t>
      <t>
        GNS resolution of a name must start in a given starting zone indicated using
-       a zone public key.
+       a zone key.
        Details on how the starting zone may be determined is discussed in
        <xref target="governance" />.
      </t>
@@ -1654,7 +1654,7 @@ q := SHA512 (HDKD-Public(zk, label))
        <name>Root Zone</name>
        <t>
          The resolution of a GNS name must start in a given start zone
-         indicated to the resolver using any public zone key.
+         indicated to the resolver using any zone key.
          The local resolver may have a local start zone configured/hard-coded
          which points to a local or remote start zone key.
          A resolver client may also determine the start zone from the
@@ -1674,7 +1674,7 @@ q := SHA512 (HDKD-Public(zk, label))
          GNS clients MUST first try to interpret the top-level domain of
          a GNS name as a zone key representation (i.e. a zTLD).
          If the top-level domain is indicated to be a label representation of
-         a public zone key with a supported zone type value, the root zone of
+         a zone key with a supported zone type value, the root zone of
          the resolution process is implicitly given by the suffix of the name:
        </t>
        <artwork name="" type="" align="left" alt=""><![CDATA[
@@ -2157,12 +2157,12 @@ NICK: john (Supplemental)
          <name>Label Guessing</name>
          <t>
            Record blocks are published encrypted using keys derived from the
-           zone public key and record label. Zone administrators should
+           zone key and record label. Zone administrators should
            carefully consider if the label and zone key may be public or if
            those should be used and considered as a shared secret.
            Unlike zone keys, labels can also be guessed by
            an attacker in the network observing queries and responses. Given
-           a known and targeted zone public key, the use of well known or easily guessable
+           a known and targeted zone key, the use of well known or easily guessable
            labels effectively result in general disclosure of the records to
            the public.
            If the labels and hence the records should be kept secret except to
@@ -2172,7 +2172,7 @@ NICK: john (Supplemental)
          </t>
          <t>
            It should be noted that this attack on labels only applies if the
-           zone public key is somehow disclosed to the adversary. GNS itself
+           zone key is somehow disclosed to the adversary. GNS itself
            does not disclose it during a lookup or when resource records are
            published as the zone keys are blinded beforehand.
          </t>