diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 19:56:41 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 19:56:41 +0200 |
commit | 44a01f414b44c625b7b24a4ad6d72b2fc625d3da (patch) | |
tree | 6702689179b1516bd723ae74539152e72ff157c2 | |
parent | f34be766564619034f3f8048b74cfbb81fe0e6c8 (diff) | |
download | lsd0001-44a01f414b44c625b7b24a4ad6d72b2fc625d3da.tar.gz lsd0001-44a01f414b44c625b7b24a4ad6d72b2fc625d3da.zip |
use cases
-rw-r--r-- | draft-schanzen-gns.xml | 275 |
1 files changed, 165 insertions, 110 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 8d29003..10009a7 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -322,7 +322,7 @@ | |||
322 | zone key of a zone. | 322 | zone key of a zone. |
323 | Due to the statistical uniqueness of zone keys, zTLDs are also globally unique. | 323 | Due to the statistical uniqueness of zone keys, zTLDs are also globally unique. |
324 | A zTLD label sequence can only be distinguished from ordinary TLD label sequences | 324 | A zTLD label sequence can only be distinguished from ordinary TLD label sequences |
325 | by attempting to decode the labels into a zone type and zone key. | 325 | by attempting to decode the labels into a zone type and zone key. |
326 | </dd> | 326 | </dd> |
327 | 327 | ||
328 | <dt>Zone Type</dt> | 328 | <dt>Zone Type</dt> |
@@ -3203,6 +3203,169 @@ Value Symbol Symbol | |||
3203 | </figure> | 3203 | </figure> |
3204 | </section> | 3204 | </section> |
3205 | <section> | 3205 | <section> |
3206 | <name>Use Cases</name> | ||
3207 | <t> | ||
3208 | This section outlines a number of specific use cases which may | ||
3209 | help to fill the gaps not addressed in the technical specification | ||
3210 | itself. | ||
3211 | </t> | ||
3212 | <section anchor="day_in_zoneowner"> | ||
3213 | <name>Zone Dissemination</name> | ||
3214 | <t> | ||
3215 | In order to become a zone owner, it is sufficient to generate | ||
3216 | a zone key and a corresponding secret key using a GNS implementation. | ||
3217 | At this point, the zone owner can manage GNS resource records in a | ||
3218 | local zone database. | ||
3219 | The resource records can then be published by a GNS implementation | ||
3220 | as defined in <xref target="publish"/>. | ||
3221 | For other users to resolve the resource records, respective | ||
3222 | zone information must be disseminated first. | ||
3223 | The zone owner may decide to make the zone key and labels known | ||
3224 | to a selected set of users only or to make this information available | ||
3225 | to the general public. | ||
3226 | </t> | ||
3227 | <t> | ||
3228 | Sharing zone information directly with specific users not only allows | ||
3229 | to potentially preserve zone and record privacy, but also allows | ||
3230 | the zone owner and the user to establish strong trust relationships. | ||
3231 | For example, a bank may send a customer letter with a QR code which | ||
3232 | contains the GNS zone of the bank. | ||
3233 | This allows the user to scan the QR code and establish a strong | ||
3234 | link to the zone of the bank and with it, for example, the IP address | ||
3235 | of the online banking web site. | ||
3236 | </t> | ||
3237 | <t> | ||
3238 | Most Internet services likely want to make their zones available | ||
3239 | to the general public as efficiently as possible. | ||
3240 | First, it is reasonable to assume that zones which are commanding | ||
3241 | high levels of reputation and trust are likely included in the | ||
3242 | default suffix-to-zone mappings of implementations. | ||
3243 | Hence dissemination of a zone through delegation under such zones | ||
3244 | can be a viable path in order to disseminate a zone publicly. | ||
3245 | For example, it is conceivable that organizations such as ICANN | ||
3246 | or country-code top-level domain registrars also manage GNS zones | ||
3247 | and offer registration or delegation services. | ||
3248 | </t> | ||
3249 | <t> | ||
3250 | Following best practices in particularly those relating to | ||
3251 | security and abuse mitigation are methods which allow zone owners | ||
3252 | and aspiring registrars to gain a good reputation and eventually | ||
3253 | trust. | ||
3254 | This includes, of course, diligent protection of private zone key | ||
3255 | material. | ||
3256 | Formalizing such best practices is out of scope of this | ||
3257 | specification and should be addressed in a separate document and take | ||
3258 | <xref target="security"/> into account. | ||
3259 | </t> | ||
3260 | </section> | ||
3261 | <section> | ||
3262 | <name>Suffix-to-zone Configuration</name> | ||
3263 | <t> | ||
3264 | A user is expected to install a GNS implementation if it is not already | ||
3265 | provided through other means such as the operating system | ||
3266 | or the browser. | ||
3267 | It is likely that the implementation ships with a configurable | ||
3268 | default suffix-to-name mapping. | ||
3269 | This means that the user is able to resolve GNS names ending on a | ||
3270 | zTLD or ending on a configured suffix-to-name mapping. | ||
3271 | At this point the user may delete or otherwise modify the | ||
3272 | implementation's default suffix-to-name mapping: | ||
3273 | </t> | ||
3274 | <t> | ||
3275 | Deletion of mappings may become necessary of the | ||
3276 | zone owner referenced by the mapping has lost the trust of the user. | ||
3277 | For example, this could be due to lax registration policies resulting | ||
3278 | in phishing activities. | ||
3279 | Modification and addition of new mappings are means to heal the | ||
3280 | namespace perforation which would occur in the case of a deletion | ||
3281 | or to simply establish a strong direct trust relationship. | ||
3282 | However, this requires the user's knowledge of the respective zone | ||
3283 | keys. | ||
3284 | This information must be retrieved out of band, as illustrated in | ||
3285 | <xref target="day_in_zoneowner"/>: | ||
3286 | A bank may send the user a letter with a QR code which contains the | ||
3287 | GNS zone of the bank. | ||
3288 | Other examples include scanning the QR off the device of a friend, | ||
3289 | from a storefront, or an advertisement. | ||
3290 | The level of trust in the respective zone is contextual and likely | ||
3291 | varies from user to user. | ||
3292 | Trust in a zone provided through a letter from a bank which | ||
3293 | may also include a credit card is certainly different from a zone | ||
3294 | found on a random advertisement in the streets. | ||
3295 | However, this trust is immediately tangible to the user and can | ||
3296 | be reflected in the local naming as well. | ||
3297 | </t> | ||
3298 | <t> | ||
3299 | User clients should facilitate the suffix-to-name modification | ||
3300 | process, for example by providing a QR code reader or other import | ||
3301 | mechanisms. | ||
3302 | Implementations are ideally implemented | ||
3303 | according to best practices, particular addressing applicable points | ||
3304 | from <xref target="security"/>. | ||
3305 | Formalizing such best practices is out of scope of this | ||
3306 | specification. | ||
3307 | </t> | ||
3308 | </section> | ||
3309 | <section> | ||
3310 | <name>Virtual Hosting</name> | ||
3311 | <t> | ||
3312 | HTTP virtual hosting and TLS Server Name Indication are common | ||
3313 | use cases on the Web. | ||
3314 | The HTTP client such as a browser supplies a DNS name in the HTTP | ||
3315 | "Host"-header or the TLS handshake, respectively. | ||
3316 | This allows the HTTP server to serve the indicated virtual host | ||
3317 | with a matching TLS handshake. | ||
3318 | Any resource record in GNS can be represented as a concatenation of | ||
3319 | of a GNS label and the zTLD of the zone. | ||
3320 | While not human-readable, this property of GNS names can be | ||
3321 | leveraged in order to facilitate the same use cases. | ||
3322 | </t> | ||
3323 | <t> | ||
3324 | Consider the GNS name "www.example.gns" entered in a GNS-aware | ||
3325 | HTTP client. | ||
3326 | At first, "www.example.gns" is resolved using GNS yielding a record | ||
3327 | set. | ||
3328 | Then, the HTTP client first determines the virtual host as follows: | ||
3329 | </t> | ||
3330 | <ol> | ||
3331 | <li>If there is a LEHO record (<xref target="gnsrecords_leho"/>) in | ||
3332 | the record set, then the HTTP client uses the record value in the | ||
3333 | "Host"-header field of the HTTP request. Example: | ||
3334 | "Host: www.example.com".</li> | ||
3335 | <li> | ||
3336 | If there is no LEHO record in the record set, | ||
3337 | then the HTTP client tries to find the zone of the record | ||
3338 | and translates the GNS name into an unabiguous | ||
3339 | zTLD-representation before using it in the "Host"-header field of | ||
3340 | the HTTP request. Example: | ||
3341 | "Host: www.000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W". | ||
3342 | </li> | ||
3343 | </ol> | ||
3344 | <t> | ||
3345 | In order to determine a canonical representation of the record with | ||
3346 | a zTLD, at most two queries are required: | ||
3347 | First, it must be checked whether "www.example.com" itself points to | ||
3348 | a zone delegation record which would imply that the record set which | ||
3349 | was originally resolved is published under the apex label. | ||
3350 | If it does, the unique GNS name is simply the zTLD representation | ||
3351 | of the delegated zone: "Host: 000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W". | ||
3352 | If it does not, the unique GNS name is the concatenation of the | ||
3353 | label "www" and the zTLD representation of the zone as given in the | ||
3354 | example above. | ||
3355 | In any case, this representation is globally unique. | ||
3356 | As such, it can be configured by the HTTP server administrator as a | ||
3357 | virtual host name. | ||
3358 | </t> | ||
3359 | <t> | ||
3360 | If the HTTP client is a browser, the use of a unique GNS name | ||
3361 | for virtual hosting or TLS SNI does not necessarily have to be | ||
3362 | shown to the user. | ||
3363 | For example, the name in the URL bar may remain as "www.example.gnu" | ||
3364 | even if the used unique name differs. | ||
3365 | </t> | ||
3366 | </section> | ||
3367 | </section> | ||
3368 | <section> | ||
3206 | <name>Example flows</name> | 3369 | <name>Example flows</name> |
3207 | <section> | 3370 | <section> |
3208 | <name>AAAA Example Resolution</name> | 3371 | <name>AAAA Example Resolution</name> |
@@ -3329,115 +3492,7 @@ Value Symbol Symbol | |||
3329 | <li>Return record set to application.</li> | 3492 | <li>Return record set to application.</li> |
3330 | </ol> | 3493 | </ol> |
3331 | </section> | 3494 | </section> |
3332 | <section anchor="day_in_zoneowner"> | 3495 | |
3333 | <name>Use-case: Zone Owner</name> | ||
3334 | <t> | ||
3335 | In order to become a zone owner, it is sufficient to generate | ||
3336 | a zone key and a corresponding secret key using a GNS implementation. | ||
3337 | At this point, the zone owner can manage GNS resource records in a | ||
3338 | local zone database. | ||
3339 | The resource records can then be published by a GNS implementation | ||
3340 | as defined in <xref target="publish"/>. | ||
3341 | </t> | ||
3342 | <t> | ||
3343 | In order for other users to resolve the resource records, respective | ||
3344 | zone information must be disseminated first. | ||
3345 | The zone owner may decide to make the zone key and labels known | ||
3346 | to a selected set of users only or to make this information available | ||
3347 | to the general public. | ||
3348 | </t> | ||
3349 | <t> | ||
3350 | Sharing zone information directly with specific users not only allows | ||
3351 | to potentially preserve zone and record privacy, but also allows | ||
3352 | the zone owner and the user to establish strong trust relationships. | ||
3353 | For example, a bank may send a customer letter with a QR code which | ||
3354 | contains the GNS zone of the bank. | ||
3355 | This allows the user to scan the QR code and establish a strong | ||
3356 | link to the zone of the bank and with it, for example, the IP address | ||
3357 | of the online banking web site. | ||
3358 | </t> | ||
3359 | <t> | ||
3360 | Most Internet services likely want to make their zones available | ||
3361 | to the general public as efficiently as possible. | ||
3362 | First, it is reasonable to assume that zones which are commanding | ||
3363 | high levels of reputation and trust are likely included in the | ||
3364 | default suffix-to-zone mappings of implementations. | ||
3365 | Hence dissemination of a zone through delegation under such zones | ||
3366 | can be a viable path in order to disseminate a zone publicly. | ||
3367 | For example, it is conceivable that organizations such as ICANN | ||
3368 | or country-code top-level domain registrars also manage GNS zones | ||
3369 | and offer registration or delegation services. | ||
3370 | </t> | ||
3371 | <t> | ||
3372 | Following best practices in particularly those relating to | ||
3373 | security and abuse mitigation are methods which allow zone owners | ||
3374 | and aspiring registrars to gain a good reputation and eventually | ||
3375 | trust. | ||
3376 | This includes, of course, diligent protection of private zone key | ||
3377 | material. | ||
3378 | Formalizing such best practices is out of scope of this | ||
3379 | specification and should be addressed in a separate document addressing | ||
3380 | <xref target="security"/>. | ||
3381 | </t> | ||
3382 | </section> | ||
3383 | <section> | ||
3384 | <name>Use-case: End-user</name> | ||
3385 | <t> | ||
3386 | A user is expected to install a GNS implementation if it is not already | ||
3387 | provided through other means such as the operating system | ||
3388 | or the browser. | ||
3389 | </t> | ||
3390 | <t> | ||
3391 | It is expected that in any case, the implementation likely ships | ||
3392 | with a configurable default suffix-to-name mapping. | ||
3393 | This means that the user is able to resolve GNS names ending on a | ||
3394 | zTLD or ending on a configured suffix-to-name mapping. | ||
3395 | </t> | ||
3396 | <t> | ||
3397 | At this point the user may modify the implementation's default | ||
3398 | suffix-to-name mapping. | ||
3399 | This includes: | ||
3400 | </t> | ||
3401 | <ul> | ||
3402 | <li>Deletion of mappings.</li> | ||
3403 | <li>Modification of a mapping</li> | ||
3404 | <li>Addition of a new mapping</li> | ||
3405 | </ul> | ||
3406 | <t> | ||
3407 | The user may delete mappings. This may become necessary of the | ||
3408 | zone owner referenced by the mapping has lost the trust of the user. | ||
3409 | For example, this could be due to lax registration policies resulting | ||
3410 | in phishing activities. | ||
3411 | </t> | ||
3412 | <t> | ||
3413 | Modification and addition of new mappings are means to heal the | ||
3414 | namespace perforation which would occur in the case of a deletion | ||
3415 | or to simply establish a strong direct trust relationship. | ||
3416 | However, this requires the user's knowledge of respective zone | ||
3417 | information. | ||
3418 | This information must be retrieved out of band, as illustrated in | ||
3419 | <xref target="day_in_zoneowner"/>: | ||
3420 | A bank may send the user a letter with a QR code which contains the | ||
3421 | GNS zone of the bank. | ||
3422 | Other examples include scanning the QR off the device of a friend, | ||
3423 | from a storefront, or an advertisement. | ||
3424 | The level of trust in the respective zone is contextual and likely | ||
3425 | varies from user to user. | ||
3426 | Trust in a zone provided through a letter from a bank which | ||
3427 | may also include a credit card is certainly different from a zone | ||
3428 | found on a random advertisement in the streets. | ||
3429 | However, this trust is immediately tangible to the user and can | ||
3430 | be reflected in the local naming as well. | ||
3431 | </t> | ||
3432 | <t> | ||
3433 | User clients should facilitate the suffix-to-name modification | ||
3434 | process and are ideally implemented | ||
3435 | according to best practices, particular addressing applicable points | ||
3436 | from <xref target="security"/>. | ||
3437 | Formalizing such best practices is out of scope of this | ||
3438 | specification. | ||
3439 | </t> | ||
3440 | </section> | ||
3441 | </section> | 3496 | </section> |
3442 | <section> | 3497 | <section> |
3443 | <name>Test Vectors</name> | 3498 | <name>Test Vectors</name> |