expand motivation

1 files changed, 8 insertions, 2 deletions

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 7dfec74..2d9f75e 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1425,9 +1425,15 @@ NONCE := HKDF-Expand (PRK_n, label, 128 / 8)
        <name>BOX</name>
        <t>
          In GNS, with the notable exception of zTLDs, every "." in a name
-         delegates to another zone, and
+         delegates to another zone. Furthermore,
          GNS lookups are expected to return all of the required useful
-         information in one record set.  This is incompatible with the
+         information in one record set. This avoids unnecessary additional
+         lookups and cryptographically ties together information that belongs
+         together, making it impossible for an adversarial storage to provide
+         partial answers that might omit information critical for security.
+       </t>
+       <t>
+         However, this general strategy of is incompatible with the
          special labels used by DNS for SRV and TLSA records.  Thus, GNS
          defines the BOX record format to box up SRV and TLSA records and
          include them in the record set of the label they are associated