author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-08 00:01:35 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-08 00:01:35 +0100 |
commit | 8c9bed758a54b828682236b19b013b33b56040a0 (patch) | |
tree | 2623a6635567d5605ce052e9d2cc44e61ec15c70 | |
parent | 1f97560c26f81b9aba2e0492c1360061a4a95e79 (diff) | |
download | lsd0001-8c9bed758a54b828682236b19b013b33b56040a0.tar.gz lsd0001-8c9bed758a54b828682236b19b013b33b56040a0.zip |
dns name
-rw-r--r-- | draft-schanzen-gns.xml | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index bdea6a2..4ccddd0 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1460,7 +1460,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1460 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1460 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1461 | 0 8 16 24 32 40 48 56 | 1461 | 0 8 16 24 32 40 48 56 |
1462 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 1462 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
1463 | | DNS NAME | | 1463 | | NAME | |
1464 | / / | 1464 | / / |
1465 | / / | 1465 | / / |
1466 | | | | 1466 | | | |
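Review bot: the only change in this hunk is shortening the box label from DNS NAME to NAME, and because the rendered diff collapses runs of spaces the padding inside `| NAME |` cannot be checked from this view; please confirm in the source that the label is still centred and that the box edges remain aligned with the `0 8 16 24 32 40 48 56` ruler above it.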
@@ -1473,7 +1473,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1473 | ]]></artwork> | 1473 | ]]></artwork> |
1474 | </figure> | 1474 | </figure> |
1475 | <dl> | 1475 | <dl> |
1476 | <dt>DNS NAME</dt> | 1476 | <dt>NAME</dt> |
1477 | <dd> | 1477 | <dd> |
1478 | The name to continue with in DNS. The value is UTF-8 encoded and | 1478 | The name to continue with in DNS. The value is UTF-8 encoded and |
1479 | 0-terminated. | 1479 | 0-terminated. |
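Review bot: the `<dt>` rename to NAME matches the figure, but the `<dd>` below it is untouched and still reads "The name to continue with in DNS", and any other mention of "DNS NAME" in the document lies outside this diff; check that the remaining prose uses the new field name. Since the field is variable length (the `/ /` continuation in the figure) and the only format statement is "UTF-8 encoded and 0-terminated", consider adding to the `<dd>` what an implementation does with a record whose data contains no 0 terminator, so that parsers are not left to guess where the name ends.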
@@ -2539,38 +2539,41 @@ NICK: john (Supplemental) | |||
2539 | </t> | 2539 | </t> |
2540 | </section> | 2540 | </section> |
2541 | <section> | 2541 | <section> |
2542 | <name>Name Leakage</name> | 2542 | <name>Namespace Ambiguity</name> |
2543 | <t> | 2543 | <t> |
2544 | GNS names are indistinguishable from DNS names or other special-use | 2544 | Some GNS names are indistinguishable from DNS names in their |
2545 | domain names <xref target="RFC6761"/>. | 2545 | respective common display format <xref target="RFC8499"/> or |
2546 | other special-use domain names <xref target="RFC6761"/>. | ||
2547 | Given such a name it is ambiguous which name system should be used | ||
2548 | by an application in order to resolve it. | ||
2546 | This poses a risk when trying to resolve a name through DNS when | 2549 | This poses a risk when trying to resolve a name through DNS when |
2547 | it is actually a GNS name. | 2550 | it is actually a GNS name. |
2548 | In such a case, the GNS name would be leaked as part of the DNS | 2551 | In such a case, the GNS name would be leaked as part of the DNS |
2549 | resolution. | 2552 | resolution. |
2550 | This risk is also present for special-use domain names which must be | ||
2551 | handled before starting a DNS resolution request by the application. | ||
2552 | </t> | 2553 | </t> |
2553 | <t> | 2554 | <t> |
2554 | Any application MUST take into consideration the user configuration | 2555 | In order to prevent disclosure of queried GNS names it is |
2555 | of resolution precedence when trying to resolve a name. | ||
2556 | One example of such a configuration which at the same time allows | ||
2557 | applications to delegate the resolution itself is the | ||
2558 | Name Service Switch (NSS) of Unix-like operating systems. | ||
2559 | It allows system administrators to configure host name resolution | ||
2560 | precedence and is integrated with the system resolver implementation. | ||
2561 | </t> | ||
2562 | <t> | ||
2563 | The order of resolution mechanisms to try is under the discretion | ||
2564 | of the user or system administrator. | ||
2565 | In the absence of an explicit configuration it is | ||
2566 | <bcp14>RECOMMENDED</bcp14> that applications try to resolve | 2556 | <bcp14>RECOMMENDED</bcp14> that applications try to resolve |
2567 | a given name in GNS before any other method in order to honor | 2557 | a given name in GNS before any other method in order to honor |
2568 | potential TLD overrides in GNS by the user. | 2558 | potential suffix-to-zone mappings in GNS by the user. |
2569 | If no suffix-to-zone mapping for the name exists, resolution | 2559 | If no suffix-to-zone mapping for the name exists, resolution |
2570 | <bcp14>MAY</bcp14> continue with other methods. | 2560 | <bcp14>MAY</bcp14> continue with other methods such as DNS. |
2571 | If a suffix-to-zone mapping exists for the name and the query | 2561 | If a suffix-to-zone mapping exists for the name and the query |
2572 | succeeds, fails or returns no results, resolution <bcp14>MUST NOT</bcp14> | 2562 | succeeds, fails or returns no results, resolution <bcp14>MUST NOT</bcp14> |
2573 | continue by other means. | 2563 | continue by any other means. |
2564 | </t> | ||
2565 | <t> | ||
2566 | Mechanisms such as the Name Service Switch (NSS) of Unix-like | ||
2567 | operating systems are an example of how such a resolution process | ||
2568 | can be implemented and used. | ||
2569 | It allows system administrators to configure host name resolution | ||
2570 | precedence and is integrated with the system resolver implementation. | ||
2571 | </t> | ||
2572 | <t> | ||
2573 | The user or system administrator <bcp14>MAY</bcp14> configure one or | ||
2574 | more unique suffixes for all suffix-to-zone mappings. | ||
2575 | In combination with a special-use domain name for GNS or an unreserved | ||
2576 | DNS TLD, this would prevent namespace ambiguity. | ||
2574 | </t> | 2577 | </t> |
2575 | </section> | 2578 | </section> |
2576 | </section> | 2579 | </section> |
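Review bot: the old sentence "Any application MUST take into consideration the user configuration of resolution precedence when trying to resolve a name" (2554-2555) is dropped without a replacement; the new text keeps only the RECOMMENDED GNS-first default and the MUST NOT on continuing after a suffix-to-zone match, and the new NSS paragraph merely says such mechanisms "are an example", so an application that ignores a locally configured precedence no longer violates any requirement. Consider keeping one normative sentence that configured precedence MUST be honoured, because that configuration is what decides whether a name reaches DNS at all, which is exactly the leakage this section is about; the old sentence that special-use domain names "must be handled before starting a DNS resolution request" is also lost in the rewrite. Two smaller points: "Mechanisms ... are an example ... It allows system administrators" mixes plural and singular ("They allow" or "The NSS allows" would read better), and the new `<xref target="RFC8499"/>` needs a matching reference entry, which this diff does not add.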