authorMartin Schanzenbach <schanzen@gnunet.org>2022-03-26 13:05:59 +0100
committerMartin Schanzenbach <schanzen@gnunet.org>2022-03-26 13:05:59 +0100
commit3767ef4116a2fc47aa64fd4da5ae159dea4be4b8 (patch)
tree756fbc49ff7597e3401dde5343f5225da6ea71bb
parent3324e16553dad65fc44ee96986051cfdd44cec88 (diff)
downloadlsd0001-3767ef4116a2fc47aa64fd4da5ae159dea4be4b8.tar.gz
lsd0001-3767ef4116a2fc47aa64fd4da5ae159dea4be4b8.zip
example flows
v12
-rw-r--r-- draft-schanzen-gns.xml 303
1 files changed, 222 insertions, 81 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index a57ca8f..c4474e1 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1,4 +1,4 @@
1<?xml version='1.0' encoding='utf-8'? 1<?xml version='1.0' encoding='utf-8'?>
2<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [ 2<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
3<!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml"> 3<!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
4<!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml"> 4<!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
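Review bot: the only change in this first hunk is the closing `>` on the XML declaration (`<?xml version='1.0' encoding='utf-8'?>`), which as rendered was missing on the old line 1; that is a well-formedness fix unrelated to the "example flows" subject of the commit and would be easier to bisect and review as its own commit.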
@@ -197,6 +197,12 @@
197 the recursive name resolution logic defined in 197 the recursive name resolution logic defined in
198 <xref target="resolution"/>. 198 <xref target="resolution"/>.
199 </dd> 199 </dd>
200 <dt>Zone Master</dt>
201 <dd>
202 The zone master is the part of the GNS implementation which implements
203 local zone management and publication as defined in
204 <xref target="publish"/>.
205 </dd>
200 <dt>Name</dt> 206 <dt>Name</dt>
201 <dd> 207 <dd>
202 A name in GNS is a domain name as defined in <xref target="RFC8499"/> 208 A name in GNS is a domain name as defined in <xref target="RFC8499"/>
@@ -220,8 +226,8 @@
220 The apex label, label separator and the extension label have 226 The apex label, label separator and the extension label have
221 special purposes in the resolution protocol which are defined 227 special purposes in the resolution protocol which are defined
222 in the rest of the document. 228 in the rest of the document.
223 Zone administrators <bcp14>MAY</bcp14> disallow certain labels that may be easily 229 Zone administrators <bcp14>MAY</bcp14> disallow certain labels that
224 confused with other labels through registration policies. 230 might be easily confused with other labels through registration policies.
225 </dd> 231 </dd>
226 <dt>Apex Label</dt> 232 <dt>Apex Label</dt>
227 <dd> 233 <dd>
@@ -251,12 +257,12 @@
251 <dt>Top-Level Domain</dt> 257 <dt>Top-Level Domain</dt>
252 <dd> 258 <dd>
253 The rightmost part of a GNS name is a GNS Top-Level Domain (TLD). 259 The rightmost part of a GNS name is a GNS Top-Level Domain (TLD).
254 A GNS TLD may consist of one or more labels. 260 A GNS TLD can consist of one or more labels.
255 Unlike DNS Top-Level Domains (defined in <xref target="RFC8499"/>), 261 Unlike DNS Top-Level Domains (defined in <xref target="RFC8499"/>),
256 GNS does not expect all users to use the same global root zone. Instead, 262 GNS does not expect all users to use the same global root zone. Instead,
257 with the exception of Zone Top-Level Domains (see below), 263 with the exception of Zone Top-Level Domains (see below),
258 GNS TLDs are typically part of the configuration of the local resolver 264 GNS TLDs are typically part of the configuration of the local resolver
259 (see <xref target="governance"/>), and may thus not be globally unique. 265 (see <xref target="governance"/>), and might thus not be globally unique.
260 </dd> 266 </dd>
261 <dt>Zone</dt> 267 <dt>Zone</dt>
262 <dd> 268 <dd>
@@ -298,6 +304,14 @@
298 A zTLD label sequence can only be distinguished from ordinary TLD label sequences 304 A zTLD label sequence can only be distinguished from ordinary TLD label sequences
299 by attempting to decode the labels into a zone type and zone key. 305 by attempting to decode the labels into a zone type and zone key.
300 </dd> 306 </dd>
307 <dt>Start Zone</dt>
308 <dd>
309 In order to resolve any given GNS name an initial start zone must be
310 determined for this name.
311 The start zone may already be explicitly defined through a zTLD.
312 Otherwise, it is determined through a local suffix-to-zone mapping
313 (see <xref target="governance"/>).
314 </dd>
301 <dt>Resource Record</dt> 315 <dt>Resource Record</dt>
302 <dd> 316 <dd>
303 A GNS resource record is the information associated with a label in a 317 A GNS resource record is the information associated with a label in a
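Review bot: the new Start Zone definition uses lowercase "must be determined" and "may already be explicitly defined" (new lines 309 and 311) while the rest of this commit is deliberately replacing non-normative "may" with "can"/"might" to keep it distinct from the BCP 14 keywords; for consistency, use "needs to be determined" and "can already be explicitly defined here", or mark them as `<bcp14>` keywords if they are meant normatively.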
@@ -310,7 +324,7 @@
310 <section anchor="overview" numbered="true" toc="default"> 324 <section anchor="overview" numbered="true" toc="default">
311 <name>Overview</name> 325 <name>Overview</name>
312 <t> 326 <t>
313 In GNS, any user may create and manage one or more cryptographically 327 In GNS, any user can create and manage one or more cryptographically
314 secured zones (<xref target="zones"/>). 328 secured zones (<xref target="zones"/>).
315 Zones are uniquely identified by a zone key. 329 Zones are uniquely identified by a zone key.
316 Zone contents are signed using blinded private keys and 330 Zone contents are signed using blinded private keys and
@@ -354,26 +368,26 @@
354 </t> 368 </t>
355 <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones."> 369 <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones.">
356 <artwork name="" type="" align="left" alt=""><![CDATA[ 370 <artwork name="" type="" align="left" alt=""><![CDATA[
357 Local Host | Distributed | Remote Host 371 Local Host | Remote | Remote Host
358 | Storage | 372 | Storage |
359 | | 373 | |
360 | +--------+ | 374 | +---------+ |
361 | / /| | 375 | / /| |
362 +---------+ Publish | +--------+ | | Publish +---------+ 376 Publish | +---------+ | | Publish
363 | | Zones | | | | | Zones | | 377 +---------+ Records | | | | | Records +---------+
364 | GNS |----------|->| Public | |<-|----------| GNS | 378 | Zone |----------|->| Record | |<-|----------| Zone |
365 | | | | Zones | | | | | 379 | Master | | | Storage | | | | Master |
366 +---------+ | | |/ | +---------+ 380 +---------+ | | |/ | +---------+
367 A | +--------+ | A 381 A | +---------+ | A
368 | | | | 382 | | | |
369 +---------+ | | +---------+ 383 +---------+ | | +---------+
370 / | /| | | / | /| 384 / | /| | | / | /|
371 +---------+ | | | +---------+ | 385 +---------+ | | | +---------+ |
372 | | | | | | | | 386 | | | | | | | |
373 | Local | | | | | Local | | 387 | Local | | | | | Local | |
374 | Zones | | | | | Zones | | 388 | Zones | | | | | Zones | |
375 | |/ | | | |/ 389 | |/ | | | |/
376 +---------+ | | +---------+ 390 +---------+ | | +---------+
377 ]]></artwork> 391 ]]></artwork>
378 </figure> 392 </figure>
379 <t> 393 <t>
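Review bot: the figure title on line 369 still reads "two hosts publishing GNS zones" while the arrows in the artwork were relabelled from "Publish Zones" to "Publish Records" and the storage box from "Public Zones" to "Record Storage"; update the title to say "publishing GNS records" (or similar) so the caption matches the diagram, and check that the surrounding prose that introduced "Distributed Storage" was renamed to "Remote Storage" as well.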
@@ -396,27 +410,27 @@
396 </t> 410 </t>
397 <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process."> 411 <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process.">
398 <artwork name="" type="" align="left" alt=""><![CDATA[ 412 <artwork name="" type="" align="left" alt=""><![CDATA[
399 Local Host | Distributed 413 Local Host | Remote
400 | Storage 414 | Storage
401 | 415 |
402 | +--------+ 416 | +---------+
403 | / /| 417 | / /|
404 | +--------+ | 418 | +---------+ |
405+-----------+ Name +---------+ Recursive | | | | 419+-----------+ Name +----------+ Recursive | | | |
406| | Lookup | | Resolution | | Public | | 420| | Lookup | | Resolution | | Record | |
407|Application|----------| GNS |-------------|->| Zones | | 421|Application|----------| Resolver |-------------|->| Storage | |
408| |<---------| |<------------|--| |/ 422| |<---------| |<------------|--| |/
409+-----------+ Results +---------+ Intermediate| +--------+ 423+-----------+ Results +----------+ Intermediate| +---------+
410 A Results | 424 A Results |
411 | | 425 | |
412 +---------+ | 426 +---------+ |
413 / | /| | 427 / | /| |
414 +---------+ | | 428 +---------+ | |
415 | | | | 429 | | | |
416 | Start | | | 430 | Start | | |
417 | Zones | | | 431 | Zones | | |
418 | |/ | 432 | |/ |
419 +---------+ | 433 +---------+ |
420 ]]></artwork> 434 ]]></artwork>
421 </figure> 435 </figure>
422 436
@@ -1705,17 +1719,17 @@ GET(key) -> value
1705 </t> 1719 </t>
1706 <figure anchor="figure_storage_publish" title="Management and publication of local zones in the distributed storage."> 1720 <figure anchor="figure_storage_publish" title="Management and publication of local zones in the distributed storage.">
1707 <artwork name="" type="" align="left" alt=""><![CDATA[ 1721 <artwork name="" type="" align="left" alt=""><![CDATA[
1708 Local Host | Distributed 1722 Local Host | Remote
1709 | Storage 1723 | Storage
1710 | 1724 |
1711 | +--------+ 1725 | +---------+
1712 | / /| 1726 | / /|
1713 | +--------+ | 1727 | +---------+ |
1714+-----------+ +---------+ | | | | 1728+-----------+ | | | |
1715| | | |PUT(q, RRBLOCK) | | Public | | 1729| | +---------+PUT(q, RRBLOCK) | | Record | |
1716| User | | GNS |----------------|->| Zones | | 1730| User | | Zone |----------------|->| Storage | |
1717| | | | | | |/ 1731| | | Master | | | |/
1718+-----------+ +---------+ | +--------+ 1732+-----------+ +---------+ | +---------+
1719 | A | 1733 | A |
1720 | | Zone records | 1734 | | Zone records |
1721 | | grouped by label | 1735 | | grouped by label |
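Review bot: the title attribute of `figure_storage_publish` on line 1720 still says "in the distributed storage" although the artwork header on line 1722 was changed from "Distributed" to "Remote" Storage; rename the caption in the same commit so the two do not drift, and the same applies to the definition text around `PUT(q, RRBLOCK)` if it refers to "distributed storage".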
@@ -1963,31 +1977,30 @@ q := SHA-512 (ZKDF(zk, label))
1963 </t> 1977 </t>
1964 <figure anchor="figure_resolution" title="The recursive GNS resolution process."> 1978 <figure anchor="figure_resolution" title="The recursive GNS resolution process.">
1965 <artwork name="" type="" align="left" alt=""><![CDATA[ 1979 <artwork name="" type="" align="left" alt=""><![CDATA[
1966 Local Host | Distributed 1980 Local Host | Remote
1967 | Storage 1981 | Storage
1968 | 1982 |
1969 | +--------+ 1983 | +---------+
1970 | / /| 1984 | / /|
1971 | +--------+ | 1985 | +---------+ |
1972+-----------+ (1) Name +---------+ | | | | 1986+-----------+ (1) Name +----------+ | | | |
1973| | Lookup | | (3a) GET(q) | | Public | | 1987| | Lookup | | (3a) GET(q) | | Record | |
1974|Application|----------| GNS |-------------------|->| Zones | | 1988|Application|----------| Resolver |---------------|->| Storage | |
1975| |<---------| |<------------------|--| |/ 1989| |<---------| |<--------------|--| |/
1976+-----------+ (4) +---------+ (3b) RRBLOCK | +--------+ 1990+-----------+ (4) +----------+ (3b) RRBLOCK | +---------+
1977 Records A | 1991 Records A |
1978 | | 1992 | |
1979 | | 1993 (2) Determination of | |
1980 (2) Determination of | | 1994 Start Zone | |
1981 Start Zone | | 1995 | |
1982 | | 1996 +---------+ |
1983 +---------+ | 1997 / | /| |
1984 / | /| | 1998 +---------+ | |
1985 +---------+ | | 1999 | | | |
1986 | | | | 2000 | Start | | |
1987 | Start | | | 2001 | Zones | | |
1988 | Zones | | | 2002 | |/ |
1989 | |/ | 2003 +---------+ |
1990 +---------+ |
1991 ]]></artwork> 2004 ]]></artwork>
1992 </figure> 2005 </figure>
1993 <section anchor="governance" numbered="true" toc="default"> 2006 <section anchor="governance" numbered="true" toc="default">
@@ -3148,6 +3161,134 @@ Value Symbol Symbol
3148 </figure> 3161 </figure>
3149 </section> 3162 </section>
3150 <section> 3163 <section>
3164 <name>Example flows</name>
3165 <section>
3166 <name>AAAA Example Resolution</name>
3167 <figure anchor="figure_resolution_ex_aaaa" title="Example resolution of an IPv6 address.">
3168 <artwork name="" type="" align="left" alt=""><![CDATA[
3169 Local Host | Remote
3170 | Storage
3171 |
3172 | +---------+
3173 | / /|
3174 | +---------+ |
3175+-----------+ (1) +----------+ | | | |
3176| | | | (4,6) | | Record | |
3177|Application|----------| Resolver |---------------|->| Storage | |
3178| |<---------| |<--------------|--| |/
3179+-----------+ (8) +----------+ (5,7) | +---------+
3180 A |
3181 | |
3182 (2,3) | |
3183 | |
3184 | |
3185 +---------+ |
3186 / v /| |
3187 +---------+ | |
3188 | | | |
3189 | Start | | |
3190 | Zones | | |
3191 | |/ |
3192 +---------+ |
3193 ]]></artwork>
3194 </figure>
3195 <ol>
3196 <li>Lookup AAAA record for name: www.example.gns.</li>
3197 <li>Determine start zone for www.example.gns.</li>
3198 <li>Start zone: zk0 - Remainder: www.example.</li>
3199 <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li>
3200 <li>Retrieve and decrypt RRBLOCK consisting of a single PKEY record containing zk1.</li>
3201 <li>Calculate q1=SHA512(ZKDF(zk1, "www")) and initiate GET(q1).</li>
3202 <li>Retrieve RRBLOCK consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li>
3203 <li>Return record set to application</li>
3204 </ol>
3205 </section>
3206 <section>
3207 <name>REDIRECT Example Resolution</name>
3208 <figure anchor="figure_resolution_ex_redir" title="Example resolution of an IPv6 address with redirect.">
3209 <artwork name="" type="" align="left" alt=""><![CDATA[
3210 Local Host | Remote
3211 | Storage
3212 |
3213 | +---------+
3214 | / /|
3215 | +---------+ |
3216+-----------+ (1) +----------+ | | | |
3217| | | | (4,6,8) | | Record | |
3218|Application|----------| Resolver |----------------|->| Storage | |
3219| |<---------| |<---------------|--| |/
3220+-----------+ (10) +----------+ (5,7,9) | +---------+
3221 A |
3222 | |
3223 (2,3) | |
3224 | |
3225 | |
3226 +---------+ |
3227 / v /| |
3228 +---------+ | |
3229 | | | |
3230 | Start | | |
3231 | Zones | | |
3232 | |/ |
3233 +---------+ |
3234 ]]></artwork>
3235 </figure>
3236 <ol>
3237 <li>Lookup AAAA record for name: www.example.tld.</li>
3238 <li>Determine start zone for www.example.tld.</li>
3239 <li>Start zone: zk0 - Remainder: www.example.</li>
3240 <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li>
3241 <li>Retrieve and decrypt RRBLOCK consisting of a single REDIRECT record containing zk1.</li>
3242 <li>Calculate q1=SHA512(ZKDF(zk1, "www")) and initiate GET(q1).</li>
3243 <li>Retrieve and decrypt RRBLOCK consisting of a single REDIRECT record containing www2.+.</li>
3244 <li>Calculate q2=SHA512(ZKDF(zk1, "www2")) and initiate GET(q2).</li>
3245 <li>Retrieve and decrypt RRBLOCK consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li>
3246 <li>Return record set to application.</li>
3247 </ol>
3248 </section>
3249 <section>
3250 <name>GNS2DNS Example Resolution</name>
3251 <figure anchor="figure_resolution_ex_gnsdns" title="Example resolution of an IPv6 address with DNS handover.">
3252 <artwork name="" type="" align="left" alt=""><![CDATA[
3253 Local Host | Remote
3254 | Storage
3255 |
3256 | +---------+
3257 | / /|
3258 | +---------+ |
3259+-----------+ (1) +----------+ | | | |
3260| | | | (4) | | Record | |
3261|Application|----------| Resolver |------------------|->| Storage | |
3262| |<---------| |<-----------------|--| |/
3263+-----------+ (8) +----------+ (5) | +---------+
3264 A A |
3265 | | (6,7) |
3266 (2,3) | +----------+ |
3267 | | |
3268 | v |
3269 +---------+ +------------+ |
3270 / v /| | System DNS | |
3271 +---------+ | | resolver | |
3272 | | | +------------+ |
3273 | Start | | |
3274 | Zones | | |
3275 | |/ |
3276 +---------+ |
3277 ]]></artwork>
3278 </figure>
3279 <ol>
3280 <li>Lookup AAAA record for name: www.example.gnu</li>
3281 <li>Determine start zone for www.example.gnu.</li>
3282 <li>Start zone: zk0 - Remainder: www.example.</li>
3283 <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li>
3284 <li>Retrieve and decrypt RRBLOCK consisting of a single GNS2DNS record containing the name example.com and the DNS server IPv4 address 192.0.2.1.</li>
3285 <li>Use system resolver to lookup an AAAA record for the DNS name www.example.com.</li>
3286 <li>Retrieve a DNS reply consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li>
3287 <li>Return record set to application.</li>
3288 </ol>
3289 </section>
3290 </section>
3291 <section>
3151 <name>Test Vectors</name> 3292 <name>Test Vectors</name>
3152 <t> 3293 <t>
3153 The following are test vectors for the Base32GNS encoding used for zTLDs. 3294 The following are test vectors for the Base32GNS encoding used for zTLDs.
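Review bot: the new example flows describe the RRBLOCK as retrieved and decrypted (new lines 3200, 3241, 3243, 3284) but never mention verifying its signature against the derived zone key before the PKEY, REDIRECT or GNS2DNS record it carries is acted upon; since zone contents are signed (see the Overview text at line 330), the flows should say "Retrieve, verify and decrypt RRBLOCK" so readers do not implement a resolver that follows an unverified delegation. Smaller points in the same hunk: step 7 of the AAAA flow (line 3202) says only "Retrieve RRBLOCK" where every other step says "Retrieve and decrypt"; line 3203 and line 3280 lack the terminating period the other list items have; the three flows use three different example TLDs (www.example.gns, www.example.tld, www.example.gnu), and using one throughout, with a sentence stating that the suffix is locally configured, would make the examples easier to compare; and the new `<section>` elements carry no `anchor` attributes, unlike the sections at lines 324 and 2006, so they cannot be cross-referenced with `<xref>` from the resolution text.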