diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 15:27:19 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-05-20 15:27:19 +0200 |
commit | c97e7ddab0826d4332aab4ddf81551445f941604 (patch) | |
tree | f334ec019053262b8f9339e09453fa3d624c9273 | |
parent | 9ca637f332c2a2847d6513e8d153ffdc7b8e980f (diff) | |
download | lsd0001-c97e7ddab0826d4332aab4ddf81551445f941604.tar.gz lsd0001-c97e7ddab0826d4332aab4ddf81551445f941604.zip |
some notes on usage
-rw-r--r-- | draft-schanzen-gns.xml | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 897ca3e..5456628 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -3329,6 +3329,115 @@ Value Symbol Symbol | |||
3329 | <li>Return record set to application.</li> | 3329 | <li>Return record set to application.</li> |
3330 | </ol> | 3330 | </ol> |
3331 | </section> | 3331 | </section> |
3332 | <section anchor="day_in_zoneowner"> | ||
3333 | <name>A Day in the Life of a Zone Owner</name> | ||
3334 | <t> | ||
3335 | In order to become a zone owner, it is sufficient to generate | ||
3336 | a zone key and a corresponding secret key. | ||
3337 | At this point, the zone owner can manage GNS resource records in a | ||
3338 | local zone database. | ||
3339 | The resource records can then be published by a GNS implementation | ||
3340 | as defined in <xref target="publish"/>. | ||
3341 | </t> | ||
3342 | <t> | ||
3343 | In order for other users to resolve the resource records, respective | ||
3344 | zone information must be disseminated first. | ||
3345 | The zone owner may decide to make the zone key and labels known | ||
3346 | to a selected set of users only or to make this information available | ||
3347 | to the general public. | ||
3348 | </t> | ||
3349 | <t> | ||
3350 | Sharing zone information directly with specific users not only allows | ||
3351 | to potentially preserve zone and record privacy, but also allows | ||
3352 | the zone owner and the user to establish strong trust relationships. | ||
3353 | For example, a bank may send a customer letter with a QR code which | ||
3354 | contains the GNS zone of the bank. | ||
3355 | This allows the user to scan the QR code and establish a strong | ||
3356 | link to the zone of the bank and with it, for example, the IP address | ||
3357 | of the online banking web site. | ||
3358 | </t> | ||
3359 | <t> | ||
3360 | Most Internet services likely want to make their zones available | ||
3361 | to the general public as efficiently as possible. | ||
3362 | First, it is reasonable to assume that zones which are commanding | ||
3363 | high levels of reputation and trust are likely included in the | ||
3364 | default suffix-to-zone mappings of implementations. | ||
3365 | Hence dissemination of a zone through delegation under such zones | ||
3366 | can be a viable path in order to disseminate a zone publicly. | ||
3367 | For example, it is conceivable that organizations such as ICANN | ||
3368 | or country-code top-level domain registrars also manage GNS zones | ||
3369 | and offer registration or delegation services. | ||
3370 | </t> | ||
3371 | <t> | ||
3372 | Following best practices in particularly those relating to | ||
3373 | security and abuse mitigation are methods which allow zone owners | ||
3374 | and aspiring registrars to gain a good reputation and eventually | ||
3375 | trust. | ||
3376 | This includes, of course, diligent protection of private zone key | ||
3377 | material. | ||
3378 | Formalizing such best practices is out of scope of this | ||
3379 | specification and should be addressed in a separate document addressing | ||
3380 | <xref target="security"/>. | ||
3381 | </t> | ||
3382 | </section> | ||
3383 | <section> | ||
3384 | <name>User-centric zone management</name> | ||
3385 | <t> | ||
3386 | A user is expected to install a GNS implementation if it is not already | ||
3387 | provided through other means such as the operating system | ||
3388 | or the browser. | ||
3389 | </t> | ||
3390 | <t> | ||
3391 | It is expected that in any case, the implementation likely ships | ||
3392 | with a configurable default suffix-to-name mapping. | ||
3393 | This means that the user is able to resolve GNS names ending on a | ||
3394 | zTLD or ending on a configured suffix-to-name mapping. | ||
3395 | </t> | ||
3396 | <t> | ||
3397 | At this point the user may modify the implementation's default | ||
3398 | suffix-to-name mapping. | ||
3399 | This includes: | ||
3400 | </t> | ||
3401 | <ul> | ||
3402 | <li>Deletion of mappings.</li> | ||
3403 | <li>Modification of a mapping</li> | ||
3404 | <li>Addition of a new mapping</li> | ||
3405 | </ul> | ||
3406 | <t> | ||
3407 | The user may delete mappings. This may become necessary of the | ||
3408 | zone owner referenced by the mapping has lost the trust of the user. | ||
3409 | For example, this could be due to lax registration policies resulting | ||
3410 | in phishing activities. | ||
3411 | </t> | ||
3412 | <t> | ||
3413 | Modification and addition of new mappings are means to heal the | ||
3414 | namespace perforation which would occur in the case of a deletion | ||
3415 | or to simply establish a strong direct trust relationship. | ||
3416 | However, this requires the user's knowledge of respective zone | ||
3417 | information. | ||
3418 | This information must be retrieved out of band, as illustrated in | ||
3419 | <xref target="day_in_zoneowner"/>: | ||
3420 | A bank may send the user a letter with a QR code which contains the | ||
3421 | GNS zone of the bank. | ||
3422 | Other examples include scanning the QR off the device of a friend, | ||
3423 | from a storefront, or an advertisement. | ||
3424 | The level of trust in the respective zone is contextual and likely | ||
3425 | varies from user to user. | ||
3426 | Trust in a zone provided through a letter from a bank which | ||
3427 | may also include a credit card is certainly different from a zone | ||
3428 | found on a random advertisement in the streets. | ||
3429 | However, this trust is immediately tangible to the user and can | ||
3430 | be reflected in the local naming as well. | ||
3431 | </t> | ||
3432 | <t> | ||
3433 | User clients should facilitate the suffix-to-name modification | ||
3434 | process and are ideally implemented | ||
3435 | according to best practices, particular addressing applicable points | ||
3436 | from <xref target="security"/>. | ||
3437 | Formalizing such best practices is out of scope of this | ||
3438 | specification. | ||
3439 | </t> | ||
3440 | </section> | ||
3332 | </section> | 3441 | </section> |
3333 | <section> | 3442 | <section> |
3334 | <name>Test Vectors</name> | 3443 | <name>Test Vectors</name> |