author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-01-16 18:38:09 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-01-16 18:38:09 +0100 |
commit | 73683803c0040e354dbce107d091539524e3bb38 (patch) | |
tree | 6dae8c301929fee6557c40a4306db9aa83ce178d /draft-schanzen-gns.xml | |
parent | e63f6e1d48c94e9c2c6801014fc240961f9370c2 (diff) | |
download | lsd0001-73683803c0040e354dbce107d091539524e3bb38.tar.gz lsd0001-73683803c0040e354dbce107d091539524e3bb38.zip |
typos
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 518cd03..8434063 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -245,7 +245,7 @@ | |||
245 | <t> | 245 | <t> |
246 | For any zone, d is the private zone key. zk is the public zone key. | 246 | For any zone, d is the private zone key. zk is the public zone key. |
247 | The specific formats depends on the zone type. | 247 | The specific formats depends on the zone type. |
248 | The creation of zone keys for the default zone types are specificed in | 248 | The creation of zone keys for the default zone types are specified in |
249 | <xref target="gnsrecords_delegation"/>. | 249 | <xref target="gnsrecords_delegation"/>. |
250 | New zone types may be specified in the future, for example if the | 250 | New zone types may be specified in the future, for example if the |
251 | cryptographic mechanisms used in this document are broken. | 251 | cryptographic mechanisms used in this document are broken. |
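Review bot: line 247 still reads "The specific formats depends on the zone type", and the sentence corrected on line 248 keeps a singular subject with a plural verb ("The creation of zone keys ... are specified"). Since this is a typo pass, suggest "The specific formats depend on the zone type" and "The creation of zone keys for the default zone types is specified in".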
@@ -430,7 +430,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
430 | ahead of time to support timely revocation. | 430 | ahead of time to support timely revocation. |
431 | </t> | 431 | </t> |
432 | <t> | 432 | <t> |
433 | For all occurences below, "Argon2id" is the Password-based Key | 433 | For all occurrences below, "Argon2id" is the Password-based Key |
434 | Derivation Function as defined in <xref target="RFC9106" />. For the | 434 | Derivation Function as defined in <xref target="RFC9106" />. For the |
435 | PoW calculations the algorithm is instantiated with the | 435 | PoW calculations the algorithm is instantiated with the |
436 | following parameters: | 436 | following parameters: |
@@ -664,7 +664,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
664 | A GNS implementer MUST provide a mechanism to create and manage resource | 664 | A GNS implementer MUST provide a mechanism to create and manage resource |
665 | records for local zones. A local zone is established by selecting a | 665 | records for local zones. A local zone is established by selecting a |
666 | zone type and creating a zone key pair. | 666 | zone type and creating a zone key pair. |
667 | As records may be added to each created zone, a (local) persistency | 667 | As records may be added to each created zone, a (local) persistence |
668 | mechanism such as a database for resource records and zones must be provided. | 668 | mechanism such as a database for resource records and zones must be provided. |
669 | This local zone database is used by the name resolution logic and serves | 669 | This local zone database is used by the name resolution logic and serves |
670 | as a basis for publishing zones into the GNS storage (see <xref target="publish"/>). | 670 | as a basis for publishing zones into the GNS storage (see <xref target="publish"/>). |
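Review bot: on line 668 the requirement "must be provided" is lowercase, while the first sentence of the same paragraph (line 664) uses "MUST provide". If the persistence mechanism is meant as a normative requirement, write "MUST be provided"; if it is not, reword the sentence so implementers do not have to guess.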
@@ -1082,7 +1082,7 @@ zk' := h * zk | |||
1082 | published. | 1082 | published. |
1083 | The multiplication of zk with h is a point multiplication, | 1083 | The multiplication of zk with h is a point multiplication, |
1084 | while the division and multiplication of a and a1 with the | 1084 | while the division and multiplication of a and a1 with the |
1085 | cofactor are integer operations. | 1085 | co-factor are integer operations. |
1086 | </t> | 1086 | </t> |
1087 | <t> | 1087 | <t> |
1088 | Signatures for EDKEY zones using the derived private key a' | 1088 | Signatures for EDKEY zones using the derived private key a' |
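Review bot: "cofactor" on line 1085 was not a misspelling, so replacing it with "co-factor" changes the spelling variant rather than fixing a typo. Suggest dropping this change from a typo commit, or making sure every other occurrence in the draft uses the same form.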
@@ -1229,7 +1229,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1229 | However, sometimes connecting to such services does not only require | 1229 | However, sometimes connecting to such services does not only require |
1230 | the knowledge of an address and port, but also requires the canonical | 1230 | the knowledge of an address and port, but also requires the canonical |
1231 | DNS name of the service to be transmitted over the transport protocol. | 1231 | DNS name of the service to be transmitted over the transport protocol. |
1232 | In GNS, legacy hostname records provide applications the DNS name that | 1232 | In GNS, legacy host name records provide applications the DNS name that |
1233 | is required to establish a connection to such a service. | 1233 | is required to establish a connection to such a service. |
1234 | The most common use case is HTTP virtual hosting, where a DNS name must | 1234 | The most common use case is HTTP virtual hosting, where a DNS name must |
1235 | be supplied in the HTTP "Host"-header. | 1235 | be supplied in the HTTP "Host"-header. |
@@ -1396,7 +1396,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1396 | <dt>SERVICE NAME</dt> | 1396 | <dt>SERVICE NAME</dt> |
1397 | <dd> | 1397 | <dd> |
1398 | a shared secret used to identify the service at the hosting peer, | 1398 | a shared secret used to identify the service at the hosting peer, |
1399 | used to derive the port number requird to connect to the service. | 1399 | used to derive the port number required to connect to the service. |
1400 | The service name MUST be a 0-terminated UTF-8 string. | 1400 | The service name MUST be a 0-terminated UTF-8 string. |
1401 | </dd> | 1401 | </dd> |
1402 | </dl> | 1402 | </dl> |
@@ -1768,7 +1768,7 @@ example.com = zk2 | |||
1768 | Case 2: | 1768 | Case 2: |
1769 | If the name to be resolved is of the format | 1769 | If the name to be resolved is of the format |
1770 | "_SERVICE._PROTO" and the record set contains one or more matching BOX | 1770 | "_SERVICE._PROTO" and the record set contains one or more matching BOX |
1771 | records, the records in the BOX records are the result and the recusion | 1771 | records, the records in the BOX records are the result and the recursion |
1772 | is concluded (<xref target="box_processing" />). | 1772 | is concluded (<xref target="box_processing" />). |
1773 | </li> | 1773 | </li> |
1774 | <li> | 1774 | <li> |
@@ -1846,7 +1846,7 @@ example.com = zk2 | |||
1846 | The resolver MAY try them in any order or even in parallel. | 1846 | The resolver MAY try them in any order or even in parallel. |
1847 | If multiple GNS2DNS records are present, the DNS name MUST be | 1847 | If multiple GNS2DNS records are present, the DNS name MUST be |
1848 | identical for all of them, if not the resolution fails and an | 1848 | identical for all of them, if not the resolution fails and an |
1849 | emtpy record set is returned as the record set is invalid. | 1849 | empty record set is returned as the record set is invalid. |
1850 | </t> | 1850 | </t> |
1851 | <t> | 1851 | <t> |
1852 | Once the IP addresses of the DNS servers have been determined, | 1852 | Once the IP addresses of the DNS servers have been determined, |
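Review bot: the normative sentence on lines 1847-1849 is still a comma splice ("... identical for all of them, if not the resolution fails ..."), which makes the failure condition harder to read than it should be in a MUST requirement. Suggest splitting it: "... the DNS name MUST be identical for all of them. Otherwise, the resolution fails and an empty record set is returned, as the record set is invalid."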
@@ -1869,7 +1869,7 @@ example.com = zk2 | |||
1869 | Such resolvers would return an empty record set upon encountering | 1869 | Such resolvers would return an empty record set upon encountering |
1870 | a GNS2DNS record during the recursion. However, if GNS2DNS records | 1870 | a GNS2DNS record during the recursion. However, if GNS2DNS records |
1871 | are encountered in the record set for the apex and a GNS2DNS record | 1871 | are encountered in the record set for the apex and a GNS2DNS record |
1872 | is expicitly requested by the application, such records MUST | 1872 | is explicitly requested by the application, such records MUST |
1873 | still be returned, even if DNS support is disabled by the | 1873 | still be returned, even if DNS support is disabled by the |
1874 | GNS resolver configuration. | 1874 | GNS resolver configuration. |
1875 | </t> | 1875 | </t> |
@@ -1999,7 +1999,7 @@ NICK: john (Supplemental) | |||
1999 | This is why developers of applications managing GNS zones SHOULD | 1999 | This is why developers of applications managing GNS zones SHOULD |
2000 | select a default zone type considered secure at the time of | 2000 | select a default zone type considered secure at the time of |
2001 | releasing the software. | 2001 | releasing the software. |
2002 | For applications targetting end users that are not expected to | 2002 | For applications targeting end users that are not expected to |
2003 | understand cryptography, the application developer MUST NOT leave | 2003 | understand cryptography, the application developer MUST NOT leave |
2004 | the zone type selection of new zones to end users. | 2004 | the zone type selection of new zones to end users. |
2005 | </t> | 2005 | </t> |
@@ -2066,7 +2066,7 @@ NICK: john (Supplemental) | |||
2066 | Further, DNS can be used to combat illegal content on the internet | 2066 | Further, DNS can be used to combat illegal content on the internet |
2067 | by having the respective domains seized by authorities. | 2067 | by having the respective domains seized by authorities. |
2068 | However, the same mechanisms can also be abused in order to impose | 2068 | However, the same mechanisms can also be abused in order to impose |
2069 | state censorship, which ist one of the motivations behind GNS. | 2069 | state censorship, which is one of the motivations behind GNS. |
2070 | Hence, such a seizure is, by design, difficult to impossible in GNS. | 2070 | Hence, such a seizure is, by design, difficult to impossible in GNS. |
2071 | In particular, GNS does not support WHOIS (<xref target="RFC3912" />). | 2071 | In particular, GNS does not support WHOIS (<xref target="RFC3912" />). |
2072 | </t> | 2072 | </t> |
@@ -2079,7 +2079,7 @@ NICK: john (Supplemental) | |||
2079 | compromised it cannot be revoked (unless a revocation message was | 2079 | compromised it cannot be revoked (unless a revocation message was |
2080 | pre-calculated and is still available). | 2080 | pre-calculated and is still available). |
2081 | Zone administrators, and for GNS this includes end-users, are | 2081 | Zone administrators, and for GNS this includes end-users, are |
2082 | required to responsibly and dilligently protect their cryptographic | 2082 | required to responsibly and diligently protect their cryptographic |
2083 | keys. Offline signing is in principle possible, but GNS does not | 2083 | keys. Offline signing is in principle possible, but GNS does not |
2084 | support separate zone signing and key-signing keys | 2084 | support separate zone signing and key-signing keys |
2085 | (as in <xref target="RFC6781" />) in order to provide usable security. | 2085 | (as in <xref target="RFC6781" />) in order to provide usable security. |
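Review bot: line 2081 writes "end-users" with a hyphen, while line 2002 in the earlier hunk of this same commit writes "end users" without one. Pick one form for the noun and apply it across the draft.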
@@ -2099,7 +2099,7 @@ NICK: john (Supplemental) | |||
2099 | <section anchor="security_dht" numbered="true" toc="default"> | 2099 | <section anchor="security_dht" numbered="true" toc="default"> |
2100 | <name>Impact of DHTs as Underlying Storage</name> | 2100 | <name>Impact of DHTs as Underlying Storage</name> |
2101 | <t> | 2101 | <t> |
2102 | This document does not specifiy the properties of the underlying | 2102 | This document does not specify the properties of the underlying |
2103 | storage which is required by any GNS implementation. | 2103 | storage which is required by any GNS implementation. |
2104 | For implementers using a DHT as underlying storage, it is important | 2104 | For implementers using a DHT as underlying storage, it is important |
2105 | to note that the properties of the DHT are directly inherited by the | 2105 | to note that the properties of the DHT are directly inherited by the |
@@ -2119,7 +2119,7 @@ NICK: john (Supplemental) | |||
2119 | <t> | 2119 | <t> |
2120 | Zone administrators are advised to pre-generate zone revocations | 2120 | Zone administrators are advised to pre-generate zone revocations |
2121 | and securely store the revocation information in case the zone | 2121 | and securely store the revocation information in case the zone |
2122 | key is lost, compromised or replaced in the furture. | 2122 | key is lost, compromised or replaced in the future. |
2123 | Pre-calculated revocations may become invalid due to expirations | 2123 | Pre-calculated revocations may become invalid due to expirations |
2124 | or protocol changes such as epoch adjustments. | 2124 | or protocol changes such as epoch adjustments. |
2125 | Consequently, implementers and users must make precautions in order | 2125 | Consequently, implementers and users must make precautions in order |
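Review bot: line 2125 still says "must make precautions", which is not idiomatic; the usual phrasing is "take precautions". Worth fixing in the same typo pass as "furture" on line 2122.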
@@ -2213,7 +2213,7 @@ NICK: john (Supplemental) | |||
2213 | <t> | 2213 | <t> |
2214 | Any request MUST contain a unique name and a point of contact. | 2214 | Any request MUST contain a unique name and a point of contact. |
2215 | The contact information MAY be added to the registry given the consent | 2215 | The contact information MAY be added to the registry given the consent |
2216 | of the requestor. | 2216 | of the requester. |
2217 | The request MAY optionally also contain relevant references as well | 2217 | The request MAY optionally also contain relevant references as well |
2218 | as a descriptive comment as defined above. | 2218 | as a descriptive comment as defined above. |
2219 | </t> | 2219 | </t> |
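Review bot: line 2217 reads "The request MAY optionally also contain", where "optionally" repeats what the keyword MAY already states. Suggest "The request MAY also contain relevant references ...".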
@@ -2251,7 +2251,7 @@ Purpose | Name | References | Comment | |||
2251 | </section> | 2251 | </section> |
2252 | <!-- gana --> | 2252 | <!-- gana --> |
2253 | <section> | 2253 | <section> |
2254 | <name>IANA Considertations</name> | 2254 | <name>IANA Considerations</name> |
2255 | <t> | 2255 | <t> |
2256 | This document makes no requests for IANA action. | 2256 | This document makes no requests for IANA action. |
2257 | This section may be removed on publication as an RFC. | 2257 | This section may be removed on publication as an RFC. |