diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-27 12:40:48 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-27 12:40:48 +0200 |
commit | 29de0da053d1ff3e92d0a7c2dfb3dd7c3407907d (patch) | |
tree | db3ade168c6653cea7bf216b325796c3d18db7e8 | |
parent | 92b46818b0f5a6375781cfb74d551d8c121b0068 (diff) | |
download | lsd0001-29de0da053d1ff3e92d0a7c2dfb3dd7c3407907d.tar.gz lsd0001-29de0da053d1ff3e92d0a7c2dfb3dd7c3407907d.zip |
may cleanup; what is implementation cleanup
-rw-r--r-- | draft-schanzen-gns.xml | 102 |
1 files changed, 53 insertions, 49 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 096c0d2..c159ecb 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -193,13 +193,13 @@ | |||
193 | </dd> | 193 | </dd> |
194 | <dt>Resolver</dt> | 194 | <dt>Resolver</dt> |
195 | <dd> | 195 | <dd> |
196 | The resolver is the part of the GNS implementation which implements | 196 | The resolver is the part of the GNS implementation which provides |
197 | the recursive name resolution logic defined in | 197 | the recursive name resolution logic defined in |
198 | <xref target="resolution"/>. | 198 | <xref target="resolution"/>. |
199 | </dd> | 199 | </dd> |
200 | <dt>Zone Master</dt> | 200 | <dt>Zone Master</dt> |
201 | <dd> | 201 | <dd> |
202 | The zone master is the part of the GNS implementation which implements | 202 | The zone master is the part of the GNS implementation which provides |
203 | local zone management and publication as defined in | 203 | local zone management and publication as defined in |
204 | <xref target="publish"/>. | 204 | <xref target="publish"/>. |
205 | </dd> | 205 | </dd> |
@@ -309,7 +309,7 @@ | |||
309 | <dd> | 309 | <dd> |
310 | In order to resolve any given GNS name an initial start zone must be | 310 | In order to resolve any given GNS name an initial start zone must be |
311 | determined for this name. | 311 | determined for this name. |
312 | The start zone may already be explicitly defined through a zTLD. | 312 | The start zone can be explicitly defined through a zTLD. |
313 | Otherwise, it is determined through a local suffix-to-zone mapping | 313 | Otherwise, it is determined through a local suffix-to-zone mapping |
314 | (see <xref target="governance"/>). | 314 | (see <xref target="governance"/>). |
315 | </dd> | 315 | </dd> |
@@ -326,7 +326,8 @@ | |||
326 | <name>Overview</name> | 326 | <name>Overview</name> |
327 | <t> | 327 | <t> |
328 | In GNS, any user can create and manage one or more cryptographically | 328 | In GNS, any user can create and manage one or more cryptographically |
329 | secured zones (<xref target="zones"/>). | 329 | secured zones (<xref target="zones"/>) as part of a zone master |
330 | implementation. | ||
330 | Zones are uniquely identified by a zone key. | 331 | Zones are uniquely identified by a zone key. |
331 | Zone contents are signed using blinded private keys and | 332 | Zone contents are signed using blinded private keys and |
332 | encrypted using derived secret keys. | 333 | encrypted using derived secret keys. |
@@ -392,7 +393,7 @@ | |||
392 | ]]></artwork> | 393 | ]]></artwork> |
393 | </figure> | 394 | </figure> |
394 | <t> | 395 | <t> |
395 | Applications use the GNS implementation to lookup GNS names. | 396 | Applications use the resolver to lookup GNS names. |
396 | Starting from a configurable start zone, names are resolved by following zone | 397 | Starting from a configurable start zone, names are resolved by following zone |
397 | delegations recursively as illustrated in <xref target="figure_arch_resolv"/>. | 398 | delegations recursively as illustrated in <xref target="figure_arch_resolv"/>. |
398 | For each label in a name, the recursive GNS resolver | 399 | For each label in a name, the recursive GNS resolver |
@@ -437,8 +438,8 @@ | |||
437 | 438 | ||
438 | <t> | 439 | <t> |
439 | In the remainder of this document, the "implementer" refers to the developer building | 440 | In the remainder of this document, the "implementer" refers to the developer building |
440 | a GNS implementation including, for example, zone management tools and | 441 | a GNS implementation including the resolver, zone master, and |
441 | name resolution components. | 442 | supporting configuration such as start zones (<xref target="governance"/>). |
442 | </t> | 443 | </t> |
443 | </section> | 444 | </section> |
444 | <section anchor="zones" numbered="true" toc="default"> | 445 | <section anchor="zones" numbered="true" toc="default"> |
@@ -525,7 +526,8 @@ | |||
525 | <t> | 526 | <t> |
526 | The cryptographic functions of the default ztypes are specified with | 527 | The cryptographic functions of the default ztypes are specified with |
527 | their corresponding delegation records in <xref target="gnsrecords_delegation"/>. | 528 | their corresponding delegation records in <xref target="gnsrecords_delegation"/>. |
528 | New ztypes may be specified in the future, for example if the | 529 | In order to support the specification of additional ztypes in the future, |
530 | for example if the | ||
529 | cryptographic mechanisms used in this document are broken. | 531 | cryptographic mechanisms used in this document are broken. |
530 | </t> | 532 | </t> |
531 | <section anchor="zTLD" numbered="true" toc="default"> | 533 | <section anchor="zTLD" numbered="true" toc="default"> |
@@ -675,7 +677,8 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
675 | must be found that on average have D leading zeroes. | 677 | must be found that on average have D leading zeroes. |
676 | </t> | 678 | </t> |
677 | <t> | 679 | <t> |
678 | The resulting proofs may then published and disseminated. The concrete | 680 | The resulting proofs are ready for dissemination. |
681 | The concrete | ||
679 | dissemination and publication methods are out of scope of this | 682 | dissemination and publication methods are out of scope of this |
680 | document. Given an average difficulty of D, the proofs have an | 683 | document. Given an average difficulty of D, the proofs have an |
681 | expiration time of EPOCH. With each additional bit difficulty, the | 684 | expiration time of EPOCH. With each additional bit difficulty, the |
@@ -739,8 +742,8 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
739 | The field <bcp14>SHOULD</bcp14> be set to EPOCH * 1.1. | 742 | The field <bcp14>SHOULD</bcp14> be set to EPOCH * 1.1. |
740 | Given an average number of leading zeros D', then the field value | 743 | Given an average number of leading zeros D', then the field value |
741 | <bcp14>MAY</bcp14> be increased up to (D'-D) * EPOCH * 1.1. | 744 | <bcp14>MAY</bcp14> be increased up to (D'-D) * EPOCH * 1.1. |
742 | Lower or higher values may result in rejection of the revocation | 745 | Validators <bcp14>MAY</bcp14> reject messages with lower or higher |
743 | message when broadcast. | 746 | values when received. |
744 | The EPOCH is extended by | 747 | The EPOCH is extended by |
745 | 10% in order to deal with unsynchronized clocks. | 748 | 10% in order to deal with unsynchronized clocks. |
746 | </dd> | 749 | </dd> |
@@ -847,8 +850,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
847 | The validity period added on top of the TIMESTAMP yields the | 850 | The validity period added on top of the TIMESTAMP yields the |
848 | expiration date. | 851 | expiration date. |
849 | If the current time is after the expiration date, the | 852 | If the current time is after the expiration date, the |
850 | revocation is considered stale but may still be otherwise | 853 | revocation is considered stale. |
851 | considered valid. | ||
852 | </t> | 854 | </t> |
853 | <t> | 855 | <t> |
854 | Verified revocations <bcp14>MUST</bcp14> be stored locally. | 856 | Verified revocations <bcp14>MUST</bcp14> be stored locally. |
@@ -861,10 +863,10 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
861 | Should the calculated validity period differ from the TTL field value, | 863 | Should the calculated validity period differ from the TTL field value, |
862 | the calculated value <bcp14>MUST</bcp14> be used as TTL field value | 864 | the calculated value <bcp14>MUST</bcp14> be used as TTL field value |
863 | when forwarding the revocation message. | 865 | when forwarding the revocation message. |
864 | Systems may disagree on the current time, so implementations | 866 | Systems might disagree on the current time, so implementations |
865 | <bcp14>MAY</bcp14> use stale but otherwise valid | 867 | <bcp14>MAY</bcp14> use stale but otherwise valid |
866 | revocations but <bcp14>SHOULD NOT</bcp14> broadcast them. | 868 | revocations but <bcp14>SHOULD NOT</bcp14> broadcast them. |
867 | Forwarded stale revocations may be discarded. | 869 | Forwarded stale revocations <bcp14>MAY</bcp14> be discarded. |
868 | </t> | 870 | </t> |
869 | <t> | 871 | <t> |
870 | Any locally stored revocation <bcp14>MUST</bcp14> be considered during | 872 | Any locally stored revocation <bcp14>MUST</bcp14> be considered during |
@@ -943,8 +945,8 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
943 | Flags indicate metadata surrounding the resource record. | 945 | Flags indicate metadata surrounding the resource record. |
944 | An application creating resource records <bcp14>MUST</bcp14> set all bits | 946 | An application creating resource records <bcp14>MUST</bcp14> set all bits |
945 | to 0 unless it wants to set the respective flag. | 947 | to 0 unless it wants to set the respective flag. |
946 | Additional flags may be defined in future protocol versions, | 948 | As additional flags can be defined in future protocol versions, |
947 | If an application or implementation encounters a flag which it does not | 949 | if an application or implementation encounters a flag which it does not |
948 | recognize, it <bcp14>MUST</bcp14> be ignored. | 950 | recognize, it <bcp14>MUST</bcp14> be ignored. |
949 | Any combination of the flags specified below are valid. | 951 | Any combination of the flags specified below are valid. |
950 | <xref target="figure_flag"/> | 952 | <xref target="figure_flag"/> |
@@ -973,7 +975,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
973 | records of the same record type have expired. Used to allow zone publishers to | 975 | records of the same record type have expired. Used to allow zone publishers to |
974 | facilitate good performance when records change by allowing them to put future | 976 | facilitate good performance when records change by allowing them to put future |
975 | values of records into the storage. | 977 | values of records into the storage. |
976 | This way, future values can propagate and may be | 978 | This way, future values can propagate and can be |
977 | cached before the transition becomes active. | 979 | cached before the transition becomes active. |
978 | </dd> | 980 | </dd> |
979 | <dt>SUPPLEMENTAL</dt> | 981 | <dt>SUPPLEMENTAL</dt> |
@@ -981,7 +983,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
981 | This is a supplemental record. It is provided in addition to the | 983 | This is a supplemental record. It is provided in addition to the |
982 | other records. This flag indicates that this record is not explicitly | 984 | other records. This flag indicates that this record is not explicitly |
983 | managed alongside the other records under the respective name but | 985 | managed alongside the other records under the respective name but |
984 | may be useful for the application. | 986 | might be useful for the application. |
985 | </dd> | 987 | </dd> |
986 | </dl> | 988 | </dl> |
987 | <section anchor="gnsrecords_delegation" numbered="true" toc="default"> | 989 | <section anchor="gnsrecords_delegation" numbered="true" toc="default"> |
@@ -993,7 +995,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
993 | the GNU Name System Record Types registry (see <xref target="gana"/>). | 995 | the GNU Name System Record Types registry (see <xref target="gana"/>). |
994 | Not supporting some zone types will result in resolution failures in case | 996 | Not supporting some zone types will result in resolution failures in case |
995 | the respective zone type is encountered. | 997 | the respective zone type is encountered. |
996 | This may be a valid choice if some zone delegation record types have been | 998 | This is be a valid choice if some zone delegation record types have been |
997 | determined to be cryptographically insecure. | 999 | determined to be cryptographically insecure. |
998 | Zone delegation records <bcp14>MUST NOT</bcp14> be stored and published | 1000 | Zone delegation records <bcp14>MUST NOT</bcp14> be stored and published |
999 | under the apex label. | 1001 | under the apex label. |
@@ -1278,7 +1280,7 @@ ZKDF(zk,label): | |||
1278 | <t> | 1280 | <t> |
1279 | Implementers <bcp14>SHOULD</bcp14> employ a constant time scalar | 1281 | Implementers <bcp14>SHOULD</bcp14> employ a constant time scalar |
1280 | multiplication for the constructions above to protect against | 1282 | multiplication for the constructions above to protect against |
1281 | timing attacks. Otherwise, timing attacks may leak private key | 1283 | timing attacks. Otherwise, timing attacks could leak private key |
1282 | material if an attacker can predict when a system starts the | 1284 | material if an attacker can predict when a system starts the |
1283 | publication process. | 1285 | publication process. |
1284 | <!--Also, implementers | 1286 | <!--Also, implementers |
@@ -1428,13 +1430,13 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1428 | <section anchor="gnsrecords_redirect" numbered="true" toc="default"> | 1430 | <section anchor="gnsrecords_redirect" numbered="true" toc="default"> |
1429 | <name>Redirection Records</name> | 1431 | <name>Redirection Records</name> |
1430 | <t> | 1432 | <t> |
1431 | Redirect records may be used to redirect resolution. | 1433 | Redirect records are used to redirect resolution. |
1432 | Any implementation <bcp14>SHOULD</bcp14> support all redirection record types defined here | 1434 | Any implementation <bcp14>SHOULD</bcp14> support all redirection record types defined here |
1433 | and <bcp14>MAY</bcp14> support any number of additional redirection records defined in | 1435 | and <bcp14>MAY</bcp14> support any number of additional redirection records defined in |
1434 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). | 1436 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). |
1435 | Redirection records <bcp14>MUST</bcp14> have the CRITICAL flag set. | 1437 | Redirection records <bcp14>MUST</bcp14> have the CRITICAL flag set. |
1436 | Not supporting some record types may consequently result in resolution failures. | 1438 | Not supporting some record types can result in resolution failures. |
1437 | This may be a valid choice if some redirection record types have been | 1439 | This can be a valid choice if some redirection record types have been |
1438 | determined to be insecure, or if an application has reasons to not | 1440 | determined to be insecure, or if an application has reasons to not |
1439 | support redirection to DNS for reasons such as complexity or security. | 1441 | support redirection to DNS for reasons such as complexity or security. |
1440 | Redirection records <bcp14>MUST NOT</bcp14> be stored and published under the apex label. | 1442 | Redirection records <bcp14>MUST NOT</bcp14> be stored and published under the apex label. |
@@ -1468,7 +1470,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1468 | <dt>REDIRECT NAME</dt> | 1470 | <dt>REDIRECT NAME</dt> |
1469 | <dd> | 1471 | <dd> |
1470 | The name to continue with. | 1472 | The name to continue with. |
1471 | The value of a redirect record may be a regular name, or a relative | 1473 | The value of a redirect record can be a regular name, or a relative |
1472 | name. | 1474 | name. |
1473 | Relative GNS names are indicated by an extension label (U+002B, "+") | 1475 | Relative GNS names are indicated by an extension label (U+002B, "+") |
1474 | as rightmost label. | 1476 | as rightmost label. |
@@ -1515,9 +1517,9 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1515 | </dd> | 1517 | </dd> |
1516 | <dt>DNS SERVER NAME</dt> | 1518 | <dt>DNS SERVER NAME</dt> |
1517 | <dd> | 1519 | <dd> |
1518 | The DNS server to use. May be an IPv4 address in dotted-decimal | 1520 | The DNS server to use. This value can be an IPv4 address in dotted-decimal |
1519 | form or an IPv6 address in colon-hexadecimal form or a DNS name. | 1521 | form or an IPv6 address in colon-hexadecimal form or a DNS name. |
1520 | It may also be a relative GNS name ending with a | 1522 | It can also be a relative GNS name ending with a |
1521 | "+" as the rightmost label. | 1523 | "+" as the rightmost label. |
1522 | The implementation <bcp14>MUST</bcp14> check the string syntactically for | 1524 | The implementation <bcp14>MUST</bcp14> check the string syntactically for |
1523 | an IP address in the respective notation before checking for a | 1525 | an IP address in the respective notation before checking for a |
@@ -1553,8 +1555,8 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1553 | is required to establish a connection to such a service. | 1555 | is required to establish a connection to such a service. |
1554 | The most common use case is HTTP virtual hosting, where a DNS name must | 1556 | The most common use case is HTTP virtual hosting, where a DNS name must |
1555 | be supplied in the HTTP "Host"-header. | 1557 | be supplied in the HTTP "Host"-header. |
1556 | Using a GNS name for the "Host"-header may not work as | 1558 | Using a GNS name for the "Host"-header might not work as |
1557 | it may not be globally unique. Furthermore, even if uniqueness is | 1559 | it might not be globally unique. Furthermore, even if uniqueness is |
1558 | not an issue, the legacy service might not even be aware of GNS. | 1560 | not an issue, the legacy service might not even be aware of GNS. |
1559 | </t> | 1561 | </t> |
1560 | <t> | 1562 | <t> |
@@ -1782,7 +1784,7 @@ q := SHA-512 (ZKDF(zk, label)) | |||
1782 | encryption scheme. | 1784 | encryption scheme. |
1783 | A GNS implementation publishes RRBLOCKs | 1785 | A GNS implementation publishes RRBLOCKs |
1784 | in accordance to the properties and recommendations of the underlying | 1786 | in accordance to the properties and recommendations of the underlying |
1785 | storage. This may include a periodic refresh operation to ensure the | 1787 | storage. This can include a periodic refresh operation to ensure the |
1786 | availability of the published RRBLOCKs. | 1788 | availability of the published RRBLOCKs. |
1787 | The GNS RRBLOCK wire format is illustrated in | 1789 | The GNS RRBLOCK wire format is illustrated in |
1788 | <xref target="figure_record_block"/>. | 1790 | <xref target="figure_record_block"/>. |
@@ -2076,9 +2078,10 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2076 | <name>Recursion</name> | 2078 | <name>Recursion</name> |
2077 | <t> | 2079 | <t> |
2078 | In each step of the recursive name resolution, there is an | 2080 | In each step of the recursive name resolution, there is an |
2079 | authoritative zone zk and a name to resolve. The name may be empty. | 2081 | authoritative zone zk and a name to resolve. |
2080 | Initially, the authoritative zone is the start zone. If the name | 2082 | The name <bcp14>MAY</bcp14> be empty. |
2081 | is empty, it is interpreted as the apex label "@". | 2083 | If the name is empty, it is interpreted as the apex label "@". |
2084 | Initially, the authoritative zone is the start zone. | ||
2082 | </t> | 2085 | </t> |
2083 | <t> | 2086 | <t> |
2084 | From here, the following steps are recursively executed, in order: | 2087 | From here, the following steps are recursively executed, in order: |
@@ -2109,7 +2112,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2109 | To filter records by validity, the resolver | 2112 | To filter records by validity, the resolver |
2110 | <bcp14>MUST</bcp14> at least check the expiration time and the FLAGS field of the | 2113 | <bcp14>MUST</bcp14> at least check the expiration time and the FLAGS field of the |
2111 | respective record. In particular, SHADOW and | 2114 | respective record. In particular, SHADOW and |
2112 | SUPPLEMENTAL flags may exclude the record from being considered. | 2115 | SUPPLEMENTAL flags can exclude the record from being considered. |
2113 | If the resolver encounters a record with the CRITICAL flag set and | 2116 | If the resolver encounters a record with the CRITICAL flag set and |
2114 | does not support the record type the resolution <bcp14>MUST</bcp14> be aborted | 2117 | does not support the record type the resolution <bcp14>MUST</bcp14> be aborted |
2115 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical | 2118 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical |
@@ -2173,7 +2176,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2173 | current zone. | 2176 | current zone. |
2174 | Otherwise, the resulting name is resolved via the | 2177 | Otherwise, the resulting name is resolved via the |
2175 | default operating system name resolution process. | 2178 | default operating system name resolution process. |
2176 | This may in turn trigger a GNS name resolution process depending | 2179 | This can in turn trigger a GNS name resolution process depending |
2177 | on the system configuration. | 2180 | on the system configuration. |
2178 | In case resolution continues in DNS, the name <bcp14>MUST</bcp14> first be | 2181 | In case resolution continues in DNS, the name <bcp14>MUST</bcp14> first be |
2179 | converted to an IDNA compliant representation <xref target="RFC5890" />. | 2182 | converted to an IDNA compliant representation <xref target="RFC5890" />. |
@@ -2202,7 +2205,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2202 | GNS2DNS records <bcp14>MAY</bcp14> | 2205 | GNS2DNS records <bcp14>MAY</bcp14> |
2203 | contain numeric IPv4 or IPv6 addresses, allowing the resolver to | 2206 | contain numeric IPv4 or IPv6 addresses, allowing the resolver to |
2204 | skip this step. | 2207 | skip this step. |
2205 | The DNS server names may themselves be names in GNS or DNS. | 2208 | The DNS server names might themselves be names in GNS or DNS. |
2206 | If the rightmost label of the DNS server name is the extension label | 2209 | If the rightmost label of the DNS server name is the extension label |
2207 | (U+002B, "+"), the rest of the name is to be | 2210 | (U+002B, "+"), the rest of the name is to be |
2208 | interpreted relative to the zone of the GNS2DNS record. | 2211 | interpreted relative to the zone of the GNS2DNS record. |
@@ -2211,7 +2214,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2211 | the GNS zone zk. | 2214 | the GNS zone zk. |
2212 | </t> | 2215 | </t> |
2213 | <t> | 2216 | <t> |
2214 | Multiple GNS2DNS records may be stored under the same label, | 2217 | Multiple GNS2DNS records can be stored under the same label, |
2215 | in which case the resolver <bcp14>MUST</bcp14> try all of them. | 2218 | in which case the resolver <bcp14>MUST</bcp14> try all of them. |
2216 | The resolver <bcp14>MAY</bcp14> try them in any order or even in parallel. | 2219 | The resolver <bcp14>MAY</bcp14> try them in any order or even in parallel. |
2217 | If multiple GNS2DNS records are present, the DNS name <bcp14>MUST</bcp14> be | 2220 | If multiple GNS2DNS records are present, the DNS name <bcp14>MUST</bcp14> be |
@@ -2231,7 +2234,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2231 | the DNS name from the GNS2DNS record is appended | 2234 | the DNS name from the GNS2DNS record is appended |
2232 | to the remainder of the name to be resolved, and | 2235 | to the remainder of the name to be resolved, and |
2233 | resolved by querying the DNS name server(s). | 2236 | resolved by querying the DNS name server(s). |
2234 | The synthesized name may have to be converted to an IDNA compliant | 2237 | The synthesized name has to be converted to an IDNA compliant |
2235 | representation <xref target="RFC5890" /> for resolution in DNS. | 2238 | representation <xref target="RFC5890" /> for resolution in DNS. |
2236 | If such a conversion is not possible, the resolution <bcp14>MUST</bcp14> be aborted | 2239 | If such a conversion is not possible, the resolution <bcp14>MUST</bcp14> be aborted |
2237 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical | 2240 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical |
@@ -2323,7 +2326,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2323 | <t> | 2326 | <t> |
2324 | NICK records are only relevant to the recursive resolver | 2327 | NICK records are only relevant to the recursive resolver |
2325 | if the record set in question is the final result which is to | 2328 | if the record set in question is the final result which is to |
2326 | be returned to the application. The encountered NICK records may either | 2329 | be returned to the application. The encountered NICK records can either |
2327 | be supplemental (see <xref target="rrecords"/>) or | 2330 | be supplemental (see <xref target="rrecords"/>) or |
2328 | non-supplemental. | 2331 | non-supplemental. |
2329 | If the NICK record is supplemental, the resolver only returns the | 2332 | If the NICK record is supplemental, the resolver only returns the |
@@ -2429,8 +2432,9 @@ NICK: john (Supplemental) | |||
2429 | <t> | 2432 | <t> |
2430 | In terms of crypto-agility, whenever the need for an updated cryptographic | 2433 | In terms of crypto-agility, whenever the need for an updated cryptographic |
2431 | scheme arises to, for example, replace ECDSA over Ed25519 for | 2434 | scheme arises to, for example, replace ECDSA over Ed25519 for |
2432 | PKEY records it may simply be introduced | 2435 | PKEY records it can simply be introduced |
2433 | through a new record type. Such a new record type may then replace | 2436 | through a new record type. |
2437 | Zone administrators can then replace | ||
2434 | the delegation record type for future records. | 2438 | the delegation record type for future records. |
2435 | The old record type remains | 2439 | The old record type remains |
2436 | and zones can iteratively migrate to the updated zone keys. | 2440 | and zones can iteratively migrate to the updated zone keys. |
@@ -2471,7 +2475,7 @@ NICK: john (Supplemental) | |||
2471 | be after the last published block. | 2475 | be after the last published block. |
2472 | For records where an absolute expiration time is used, the implementation | 2476 | For records where an absolute expiration time is used, the implementation |
2473 | <bcp14>MUST</bcp14> ensure that the expiration time is always increased when the record | 2477 | <bcp14>MUST</bcp14> ensure that the expiration time is always increased when the record |
2474 | data changes. For example, the expiration time on the wire may be increased | 2478 | data changes. For example, the expiration time on the wire could be increased |
2475 | by a single microsecond even if the user did not request a change. | 2479 | by a single microsecond even if the user did not request a change. |
2476 | In case of deletion of all resource records under a label, the | 2480 | In case of deletion of all resource records under a label, the |
2477 | implementation <bcp14>MUST</bcp14> keep track of the last absolute expiration time | 2481 | implementation <bcp14>MUST</bcp14> keep track of the last absolute expiration time |
@@ -2494,7 +2498,7 @@ NICK: john (Supplemental) | |||
2494 | GNS names are UTF-8 strings. Consequently, GNS faces similar issues | 2498 | GNS names are UTF-8 strings. Consequently, GNS faces similar issues |
2495 | with respect to name spoofing as DNS does for internationalized | 2499 | with respect to name spoofing as DNS does for internationalized |
2496 | domain names. | 2500 | domain names. |
2497 | In DNS, attackers may register similar sounding or looking | 2501 | In DNS, attackers can register similar sounding or looking |
2498 | names (see above) in order to execute phishing attacks. | 2502 | names (see above) in order to execute phishing attacks. |
2499 | GNS zone administrators must take into account this attack vector and | 2503 | GNS zone administrators must take into account this attack vector and |
2500 | incorporate rules in order to mitigate it. | 2504 | incorporate rules in order to mitigate it. |
@@ -2513,7 +2517,7 @@ NICK: john (Supplemental) | |||
2513 | <t> | 2517 | <t> |
2514 | In GNS, zone administrators need to manage and protect their zone | 2518 | In GNS, zone administrators need to manage and protect their zone |
2515 | keys. Once a zone key is lost, it cannot be recovered or revoked. | 2519 | keys. Once a zone key is lost, it cannot be recovered or revoked. |
2516 | Revocation messages may be pre-calculated if revocation is | 2520 | Revocation messages can be pre-calculated if revocation is |
2517 | required in case a zone key is lost. | 2521 | required in case a zone key is lost. |
2518 | Zone administrators, and for GNS this includes end-users, are | 2522 | Zone administrators, and for GNS this includes end-users, are |
2519 | required to responsibly and diligently protect their cryptographic | 2523 | required to responsibly and diligently protect their cryptographic |
@@ -2539,7 +2543,7 @@ NICK: john (Supplemental) | |||
2539 | While implementations following this specification will be | 2543 | While implementations following this specification will be |
2540 | interoperable, if two implementations connect to different storages | 2544 | interoperable, if two implementations connect to different storages |
2541 | they are mutually unreachable. | 2545 | they are mutually unreachable. |
2542 | This may lead to a state where a record may exist in the global | 2546 | This can lead to a state where a record exists in the global |
2543 | namespace for a particular name, but the implementation is not | 2547 | namespace for a particular name, but the implementation is not |
2544 | communicating with the storage and is hence unable to resolve it. | 2548 | communicating with the storage and is hence unable to resolve it. |
2545 | This situation is similar to a split-horizon DNS configuration. | 2549 | This situation is similar to a split-horizon DNS configuration. |
@@ -2547,8 +2551,8 @@ NICK: john (Supplemental) | |||
2547 | it is built for. | 2551 | it is built for. |
2548 | The storage used will most likely depend on the specific application | 2552 | The storage used will most likely depend on the specific application |
2549 | context using GNS resolution. | 2553 | context using GNS resolution. |
2550 | For example, one application may be the resolution of hidden services | 2554 | For example, one application is the resolution of hidden services |
2551 | within the Tor network, which may suggest using Tor routers for storage. | 2555 | within the Tor network, which would suggest using Tor routers for storage. |
2552 | <!-- FIXME: add non-normative reference to Tor / Tor hidden services here? --> | 2556 | <!-- FIXME: add non-normative reference to Tor / Tor hidden services here? --> |
2553 | Implementations of "aggregated" storages are conceivable, but | 2557 | Implementations of "aggregated" storages are conceivable, but |
2554 | are expected to be the exception. | 2558 | are expected to be the exception. |
@@ -2578,7 +2582,7 @@ NICK: john (Supplemental) | |||
2578 | Zone administrators are advised to pre-generate zone revocations | 2582 | Zone administrators are advised to pre-generate zone revocations |
2579 | and to securely store the revocation information in case the zone | 2583 | and to securely store the revocation information in case the zone |
2580 | key is lost, compromised or replaced in the future. | 2584 | key is lost, compromised or replaced in the future. |
2581 | Pre-calculated revocations may cease to be valid due to expirations | 2585 | Pre-calculated revocations can cease to be valid due to expirations |
2582 | or protocol changes such as epoch adjustments. | 2586 | or protocol changes such as epoch adjustments. |
2583 | Consequently, implementers and users must take precautions in order | 2587 | Consequently, implementers and users must take precautions in order |
2584 | to manage revocations accordingly. | 2588 | to manage revocations accordingly. |
@@ -2617,7 +2621,7 @@ NICK: john (Supplemental) | |||
2617 | within a zone. | 2621 | within a zone. |
2618 | Record blocks are published in encrypted form using keys derived from the | 2622 | Record blocks are published in encrypted form using keys derived from the |
2619 | zone key and record label. Zone administrators should | 2623 | zone key and record label. Zone administrators should |
2620 | carefully consider if the label and zone key may be public or if | 2624 | carefully consider if the label and zone key is public or if |
2621 | those should be used and considered as a shared secret. | 2625 | those should be used and considered as a shared secret. |
2622 | Unlike zone keys, labels can also be guessed by | 2626 | Unlike zone keys, labels can also be guessed by |
2623 | an attacker in the network observing queries and responses. Given | 2627 | an attacker in the network observing queries and responses. Given |