diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-08-07 20:00:12 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-08-07 20:00:12 +0200 |
commit | 07f6bc8646568573cb8aa732701ced2e3692e831 (patch) | |
tree | be7364eabba12420a0f3cfa7a9a527beb798bacc | |
parent | 9c73fb68ecdc3122f58b1ca1a750eeb4b6411392 (diff) | |
download | lsd0001-07f6bc8646568573cb8aa732701ced2e3692e831.tar.gz lsd0001-07f6bc8646568573cb8aa732701ced2e3692e831.zip |
restructure intro
-rw-r--r-- | draft-schanzen-gns.xml | 62 |
1 files changed, 30 insertions, 32 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 7f99a2b..a90c318 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -111,45 +111,43 @@ | |||
111 | <section anchor="introduction" numbered="true" toc="default"> | 111 | <section anchor="introduction" numbered="true" toc="default"> |
112 | <name>Introduction</name> | 112 | <name>Introduction</name> |
113 | <t> | 113 | <t> |
114 | The Domain Name System (DNS) <xref target="RFC1035" /> is a unique | 114 | This specification describes the GNU Name System (GNS), a |
115 | distributed database and a vital service for most Internet applications. | 115 | censorship-resistant, privacy-preserving and decentralized |
116 | However, it was not designed with security in mind. This makes it very | 116 | domain name resolution protocol. GNS can bind names to any |
117 | vulnerable, especially to attackers that have the technical capabilities | 117 | kind of cryptographically secured token, enabling it to double |
118 | of an entire nation state at their disposal. | 118 | in some respects as an alternative to some of today’s public |
119 | key infrastructures. | ||
119 | </t> | 120 | </t> |
120 | <t> | 121 | <t> |
121 | This specification describes a censorship-resistant, privacy-preserving | 122 | In the terminology of the Domain Name System (DNS) <xref |
122 | and decentralized domain name resolution protocol: | 123 | target="RFC1035" />, GNS roughly follows the idea of a local |
123 | The GNU Name System (GNS), a development continuation of | 124 | root zone deployment (see <xref target="RFC8806"/>), with the |
124 | previous academic work on secure name systems <xref target="GNS" />. | 125 | difference that the design encourages alternative roots and |
125 | GNS can bind names to any kind of | 126 | does not expect all deployments use the same or any specific |
126 | cryptographically secured token, enabling it to double in some respects as | 127 | root zone. In the GNS reference implementation, users can |
127 | an alternative to some of today’s Public Key Infrastructures, in | 128 | autonomously and freely delegate control of names to zones |
128 | particular X.509 for the Web. | 129 | through their local configurations. |
129 | </t> | 130 | </t> |
130 | <t> | 131 | <t> |
131 | In DNS terminology, GNS roughly follows the idea of a local | 132 | Name resolution and zone dissemination is based on the |
132 | root zone deployment (see <xref target="RFC8806"/>), with the difference | 133 | principle of a petname system where users can assign local |
133 | that the protocol does not mandate that all deployments use the same | 134 | names to zones. The GNS has its roots in ideas from the Simple |
134 | or any specific root zone. | 135 | Distributed Security Infrastructure <xref target="SDSI" />, |
135 | Users can autonomously and freely delegate control of names to | 136 | enabling the decentralized mapping of secure identifiers to |
136 | zones through their local configurations. | 137 | memorable names. A first academic description of the |
138 | cryptographic ideas behind GNS can be found in <xref | ||
139 | target="GNS" />. | ||
137 | </t> | 140 | </t> |
138 | <t> | 141 | <t> |
139 | Name resolution and zone dissemination is based on the principle of a | 142 | This document defines the normative wire format of resource |
140 | petname system where users can assign local names to zones. | 143 | records, resolution processes, cryptographic routines and |
141 | It builds on ideas from the Simple Distributed Security | 144 | security considerations for use by implementers. |
142 | Infrastructure <xref target="SDSI" />, enabling the decentralized | ||
143 | mapping of secure identifiers to memorable names. | ||
144 | </t> | 145 | </t> |
145 | <t> | 146 | <t> |
146 | This document defines the normative wire format of resource records, resolution processes, | 147 | This specification was developed outside the IETF and does not |
147 | cryptographic routines and security considerations for use by implementers. | 148 | have IETF consensus. It is published here to guide |
148 | </t> | 149 | implementers of GNS and to ensure interoperability among |
149 | <t> | 150 | implementations. |
150 | This specification was developed outside the IETF and does not have | ||
151 | IETF consensus. It is published here to guide implementation of GNS | ||
152 | and to ensure interoperability among implementations. | ||
153 | </t> | 151 | </t> |
154 | <section numbered="true" toc="default"> | 152 | <section numbered="true" toc="default"> |
155 | <name>Requirements Notation</name> | 153 | <name>Requirements Notation</name> |
@@ -2561,7 +2559,7 @@ NICK: john (Supplemental) | |||
2561 | by a single microsecond even if the user did not request a change. | 2559 | by a single microsecond even if the user did not request a change. |
2562 | In case of deletion of all resource records under a label, the | 2560 | In case of deletion of all resource records under a label, the |
2563 | implementation <bcp14>MUST</bcp14> keep track of the last absolute expiration time | 2561 | implementation <bcp14>MUST</bcp14> keep track of the last absolute expiration time |
2564 | of the last published resource block. Implementations <bcp14>MAY</bcp14> define | 2562 | of the last published resource block. Implementations <bcp14>MAY</bcp14> define |
2565 | and use a special record type as a tombstone that preserves the last | 2563 | and use a special record type as a tombstone that preserves the last |
2566 | absolute expiration time, but then <bcp14>MUST</bcp14> take care to not publish a | 2564 | absolute expiration time, but then <bcp14>MUST</bcp14> take care to not publish a |
2567 | block with this record. | 2565 | block with this record. |