author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 22:54:11 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 22:54:11 +0200 |
commit | 2699b32e91b3e54b9675a30dfa3c16d21877916d (patch) | |
tree | cb318b667ffc001e2db9e44367ee0fa5be0fdd6b | |
parent | bd47a611a2c52bcc9cb98fc4787416f64b031dbf (diff) | |
download | lsd0001-2699b32e91b3e54b9675a30dfa3c16d21877916d.tar.gz lsd0001-2699b32e91b3e54b9675a30dfa3c16d21877916d.zip |
add migration
-rw-r--r-- | draft-schanzen-gns.xml | 76 |
1 files changed, 71 insertions, 5 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9901932..df8976a 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -2,6 +2,7 @@ | |||
2 | <!DOCTYPE rfc [ | 2 | <!DOCTYPE rfc [ |
3 | <!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml"> | 3 | <!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml"> |
4 | <!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml"> | 4 | <!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml"> |
5 | <!ENTITY RFC1928 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1928.xml"> | ||
5 | <!ENTITY RFC2119 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"> | 6 | <!ENTITY RFC2119 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"> |
6 | <!--<!ENTITY RFC2693 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2693.xml">--> | 7 | <!--<!ENTITY RFC2693 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2693.xml">--> |
7 | <!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml"> | 8 | <!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml"> |
@@ -2963,6 +2964,7 @@ Purpose | Name | References | Comment | |||
2963 | </references> | 2964 | </references> |
2964 | <references> | 2965 | <references> |
2965 | <name>Informative References</name> | 2966 | <name>Informative References</name> |
2967 | &RFC1928; | ||
2966 | &RFC4033; | 2968 | &RFC4033; |
2967 | &RFC6066; | 2969 | &RFC6066; |
2968 | &RFC7363; | 2970 | &RFC7363; |
@@ -3144,9 +3146,14 @@ Purpose | Name | References | Comment | |||
3144 | </front> | 3146 | </front> |
3145 | </reference> | 3147 | </reference> |
3146 | 3148 | ||
3147 | 3149 | <reference anchor="nsswitch" target="https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html"> | |
3148 | 3150 | <front> | |
3149 | 3151 | <title>System Databases and Name Service Switch</title> | |
3152 | <author> | ||
3153 | <organization>GNU Project</organization> | ||
3154 | </author> | ||
3155 | </front> | ||
3156 | </reference> | ||
3150 | 3157 | ||
3151 | </references> | 3158 | </references> |
3152 | <section> | 3159 | <section> |
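Review bot: the new `nsswitch` reference (new lines 3149-3156) has no `<date>` element in its `<front>`; because the target is a living web manual rather than a versioned document, the reference should record when the page was consulted (for example `<date year="2022" month="May"/>` inside `<front>`), otherwise a reader cannot tell which revision of the glibc manual the text relied on. Also consider whether the `<organization>` should name the "GNU C Library" maintainers specifically rather than the GNU Project as a whole, since the linked page belongs to the glibc manual.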
@@ -3309,7 +3316,7 @@ Value Symbol Symbol | |||
3309 | specification. | 3316 | specification. |
3310 | </t> | 3317 | </t> |
3311 | </section> | 3318 | </section> |
3312 | <section> | 3319 | <section anchor="uc_virthost"> |
3313 | <name>Virtual Hosting</name> | 3320 | <name>Virtual Hosting</name> |
3314 | <t> | 3321 | <t> |
3315 | HTTP virtual hosting and TLS Server Name Indication are common | 3322 | HTTP virtual hosting and TLS Server Name Indication are common |
@@ -3382,7 +3389,66 @@ Host: 000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W | |||
3382 | For example, the name in the URL bar may remain as "www.example.gnu" | 3389 | For example, the name in the URL bar may remain as "www.example.gnu" |
3383 | even if the used unique name differs. | 3390 | even if the used unique name differs. |
3384 | </t> | 3391 | </t> |
3385 | </section> | 3392 | </section> |
3393 | <section> | ||
3394 | <name>Migration Paths</name> | ||
3395 | <t> | ||
3396 | DNS resolution is built into a variety of existing software | ||
3397 | components. | ||
3398 | Most significantly operating systems and HTTP clients. | ||
3399 | This section illustrates possible migration paths for both in order | ||
3400 | to enable "legacy" applications to resolve GNS names. | ||
3401 | </t> | ||
3402 | <t> | ||
3403 | One way to efficiently facilitate the resolution of GNS names | ||
3404 | are GNS-enabled DNS server implementations. | ||
3405 | Local DNS queries are thereby either rerouted or explicitly configured | ||
3406 | to be resolved by a "DNS-to-GNS" server that runs locally. | ||
3407 | This DNS server tries to interpret any incoming query for a name | ||
3408 | as a GNS resolution request. | ||
3409 | If no start zone can be found for the name and it does not end in | ||
3410 | a zTLD, the server tries to resolve the name in DNS. | ||
3411 | Otherwise, the name is resolved in GNS. | ||
3412 | In the latter case, the resulting record set is converted to a DNS | ||
3413 | answer packet and is returned accordingly. | ||
3414 | An implementation of a DNS-to-GNS server can be found in | ||
3415 | <xref target="GNUnet"/>. | ||
3416 | </t> | ||
3417 | <t> | ||
3418 | A similar approach is to use operating systems extensions such as | ||
3419 | the name service switch (<xref target="nsswitch"/>). | ||
3420 | It allows the system administrator to configure plugins | ||
3421 | which are used for hostname resolution. | ||
3422 | A GNS name service switch plugin can be used in a similar fashion as | ||
3423 | the "DNS-to-GNS" server. | ||
3424 | An implementation of a glibc-compatible nsswitch plugin for GNS | ||
3425 | can be found in <xref target="GNUnet"/>. | ||
3426 | </t> | ||
3427 | <t> | ||
3428 | The methods above are usually also effective for HTTP client | ||
3429 | software. | ||
3430 | However, HTTP clients are commonly used in combination with | ||
3431 | TLS. | ||
3432 | TLS certificate validation and in particular server name indication | ||
3433 | (SNI) requires additional logic in HTTP clients when GNS names are | ||
3434 | in play (<xref target="uc_virthost"/>). | ||
3435 | In order to transparently enable this functionality for migration | ||
3436 | purposes, a local GNS-aware SOCKS5 proxy <xref target="RFC1928"/> | ||
3437 | can be configured to resolve domain names. | ||
3438 | The SOCKS5 proxy, similar to the DNS-to-GNS server, is capable | ||
3439 | of resolving both GNS and DNS names. | ||
3440 | In the event of a TLS connection request with a GNS name, the SOCKS5 | ||
3441 | proxy can act as a man-in-the-middle, terminating the TLS connection | ||
3442 | and establishing a secure connection against the requested host. | ||
3443 | In order to establish a secure connection, the proxy may use LEHO | ||
3444 | and TLSA records stored in the record set under the GNS name. | ||
3445 | The proxy must provide a locally trusted certificate for the GNS | ||
3446 | name to the HTTP client which usually requires the generation and | ||
3447 | configuration of a local trust anchor in the browser. | ||
3448 | An implementation of this SOCKS5 proxy can be found in | ||
3449 | <xref target="GNUnet"/>. | ||
3450 | </t> | ||
3451 | </section> | ||
3386 | </section> | 3452 | </section> |
3387 | <section> | 3453 | <section> |
3388 | <name>Example flows</name> | 3454 | <name>Example flows</name> |
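Review bot: the SOCKS5 paragraph (new lines 3440-3447) has the proxy terminate TLS as a man-in-the-middle and then "establishing a secure connection against the requested host", but it only says the proxy "may use LEHO and TLSA records"; the text should state what the proxy does when the record set under the GNS name carries no TLSA record (for example, validate the certificate for the LEHO name against the system trust store, or refuse the connection), because a proxy that presents a locally trusted certificate to the client while not authenticating the upstream server silently removes the server-authentication guarantee the client believes it still has. It would also help to say that the local trust anchor mentioned in new lines 3445-3447 should be generated per installation and used only by the proxy, since whoever holds its private key can satisfy that browser's certificate validation for any GNS name. Minor wording in the same hunk: "One way to efficiently facilitate the resolution of GNS names are GNS-enabled DNS server implementations" needs "is" rather than "are"; "Most significantly operating systems and HTTP clients." is a sentence fragment and should be joined to the preceding sentence ("..., most significantly operating systems and HTTP clients."); "operating systems extensions" should read "operating system extensions".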