author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-21 15:48:54 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-21 15:48:54 +0100 |
commit | 98b6997bda240d4deb9e8f65244e2352c6200019 (patch) | |
tree | 94beef723dc3cacd9676c3f4ae3032eb49a84c73 | |
parent | 118c58412c3c34832eb304618c922ade8241b090 (diff) | |
download | lsd0001-98b6997bda240d4deb9e8f65244e2352c6200019.tar.gz lsd0001-98b6997bda240d4deb9e8f65244e2352c6200019.zip |
more revocationing
-rw-r--r-- | draft-schanzen-gns.xml | 60 |
1 files changed, 38 insertions, 22 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 147a94c..a02251c 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -676,13 +676,6 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
676 | <bcp14>MAY</bcp14> be increased up to (D'-D) * EPOCH * 1.1. | 676 | <bcp14>MAY</bcp14> be increased up to (D'-D) * EPOCH * 1.1. |
677 | The EPOCH is extended by | 677 | The EPOCH is extended by |
678 | 10% in order to deal with unsynchronized clocks. | 678 | 10% in order to deal with unsynchronized clocks. |
679 | This field is informational for a verifier. | ||
680 | A verifier <bcp14>MAY</bcp14> discard a revocation without | ||
681 | checking the POW values or the signature if the TTL (in combination with TIMESTAMP) | ||
682 | indicates that the revocation has already expired. | ||
683 | The actual validity period of the | ||
684 | revocation <bcp14>MUST</bcp14> be determined by examining the leading zeroes in the | ||
685 | POW values. | ||
686 | </dd> | 679 | </dd> |
687 | <dt>POW_i</dt> | 680 | <dt>POW_i</dt> |
688 | <dd> | 681 | <dd> |
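Review bot: With old lines 679-685 removed, the TTL field definition now ends at the clock-skew sentence and no longer says the field is informational. That statement now lives only in the verification section (new lines 768-774), so an implementer reading just the field description could treat TTL as authoritative. Suggest keeping one sentence in this <dd>, or a cross-reference to the verification text, stating that the actual validity period is determined from the leading zeroes in the POW values.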
@@ -770,22 +763,45 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
770 | <li>The average number of leading zeroes D' resulting from the provided | 763 | <li>The average number of leading zeroes D' resulting from the provided |
771 | POW values <bcp14>MUST</bcp14> be greater than and not equal to D. Implementers | 764 | POW values <bcp14>MUST</bcp14> be greater than and not equal to D. Implementers |
772 | <bcp14>MUST NOT</bcp14> use an integer data type to calculate or represent D'.</li> | 765 | <bcp14>MUST NOT</bcp14> use an integer data type to calculate or represent D'.</li> |
773 | <li> | ||
774 | The validity period of the revocation is calculated as | ||
775 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by | ||
776 | 10% in order to deal with unsynchronized clocks. | ||
777 | The validity period added on top of the TIMESTAMP yields the | ||
778 | expiration date. | ||
779 | Should the verifier calculate the validity and find that it differs from | ||
780 | the TTL field value, the verifier <bcp14>MUST</bcp14> continue and | ||
781 | use the calculated value when forwarding the revocation. | ||
782 | </li> | ||
783 | <li> | ||
784 | The current time <bcp14>SHOULD</bcp14> be between TIMESTAMP and | ||
785 | TIMESTAMP + validity period. | ||
786 | Implementations <bcp14>MAY</bcp14> process the revocation without validating this. | ||
787 | </li> | ||
788 | </ol> | 766 | </ol> |
767 | <t> | ||
768 | The TTL field is informational. | ||
769 | A revocation <bcp14>MAY</bcp14> be discarded without checking the POW | ||
770 | values or the signature if the TTL (in combination with TIMESTAMP) | ||
771 | indicates that the revocation has already expired. | ||
772 | The actual validity period of the | ||
773 | revocation <bcp14>MUST</bcp14> be determined by examining the leading | ||
774 | zeroes in the POW values. | ||
775 | </t> | ||
776 | <t> | ||
777 | The validity period of the revocation is calculated as | ||
778 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by | ||
779 | 10% in order to deal with unsynchronized clocks. | ||
780 | The validity period added on top of the TIMESTAMP yields the | ||
781 | expiration date. | ||
782 | If the current time is after the expiration date, the | ||
783 | revocation is considered stale but may still be otherwise | ||
784 | considered valid. | ||
785 | Stale revocations <bcp14>MAY</bcp14> be discarded. | ||
786 | </t> | ||
787 | <t> | ||
788 | Verified revocations <bcp14>SHOULD</bcp14> be cached locally. | ||
789 | An implementation without a local revocations cache will be unable | ||
790 | to effectively process zone revocations. | ||
791 | The implementation <bcp14>MAY</bcp14> evict revocations from the local | ||
792 | cache at any time using an eviction strategy. | ||
793 | </t> | ||
794 | <t> | ||
795 | Implementations <bcp14>MUST</bcp14> forward received revocations to | ||
796 | other peers if they are valid and not stale. | ||
797 | Should the calculated validity period differs from the TTL field value, | ||
798 | the calculated value <bcp14>MUST</bcp14> be used as TTL field value | ||
799 | when forwarding the revocation message. | ||
800 | Any valid revocation MAY be used during delegation record | ||
801 | processing (<xref target="delegation_processing"/>). | ||
802 | Implementations <bcp14>MAY</bcp14> use stale but otherwise valid | ||
803 | revocations and <bcp14>MAY</bcp14> forward them to other peers. | ||
804 | </t> | ||
789 | </section> | 805 | </section> |
790 | 806 | ||
791 | 807 | ||
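Review bot: The removed list item at old lines 784-785 bounded the current time on both sides (between TIMESTAMP and TIMESTAMP + validity period), but the replacement paragraph at new lines 782-785 only covers a current time after the expiration date, so a revocation whose TIMESTAMP lies in the future is no longer addressed. Suggest stating how that case is to be handled, since the forwarding rule at new lines 795-796 depends on "valid and not stale". Smaller points in the same hunk: new line 783 uses a lowercase "may" next to normative keywords, which reads ambiguously; new line 800 has MAY without the <bcp14> wrapper used everywhere else; and new line 797 should read "Should the calculated validity period differ".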