author | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-22 16:36:01 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-22 16:36:01 +0100 |
commit | 79a6958f6c79ff29da1672d0e99777d8d947eda8 (patch) | |
tree | d8e298993a266e817310f79b7815766e30d89e42 /draft-schanzen-gns.xml | |
parent | dd85c56e1a0458c395823dde89cd52fafc3aacf9 (diff) | |
download | lsd0001-79a6958f6c79ff29da1672d0e99777d8d947eda8.tar.gz lsd0001-79a6958f6c79ff29da1672d0e99777d8d947eda8.zip |
update
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 7f14e6d..307b6fa 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -208,7 +208,7 @@ | |||
208 | </t> | 208 | </t> |
209 | <t> | 209 | <t> |
210 | Starting from a configurable root zone, names are resolved following zone | 210 | Starting from a configurable root zone, names are resolved following zone |
211 | delegations which are iteratively queried from the storage (<xref target="resolution"/>). | 211 | delegations which are recursively queried from the storage (<xref target="resolution"/>). |
212 | </t> | 212 | </t> |
213 | <t> | 213 | <t> |
214 | In the remainder of this document, the "implementer" refers to the developer building | 214 | In the remainder of this document, the "implementer" refers to the developer building |
@@ -235,9 +235,9 @@ | |||
235 | <section anchor="ztype" numbered="true" toc="default"> | 235 | <section anchor="ztype" numbered="true" toc="default"> |
236 | <name>Zone Type</name> | 236 | <name>Zone Type</name> |
237 | <t> | 237 | <t> |
238 | The Zone Type ztype is the unique zone type of the zone as registered | 238 | The zone type ztype is the unique zone type of the zone as registered |
239 | in the GNUnet Assigned Numbers Authority <xref target="GANA" />. | 239 | in the GNUnet Assigned Numbers Authority <xref target="GANA" />. |
240 | The Zone Type determines which cryptosystem is used for the | 240 | The zone type determines which cryptosystem is used for the |
241 | asymmetric and symmetric key operations of the zone. | 241 | asymmetric and symmetric key operations of the zone. |
242 | The zone type is identified by a 32-bit number. | 242 | The zone type is identified by a 32-bit number. |
243 | It always corresponds to a resource record type number identifying a | 243 | It always corresponds to a resource record type number identifying a |
@@ -245,12 +245,12 @@ | |||
245 | </t> | 245 | </t> |
246 | <t> | 246 | <t> |
247 | For any zone, d is the private zone key. zk is the public zone key. | 247 | For any zone, d is the private zone key. zk is the public zone key. |
248 | The specific formats depends on the Zone Type. | 248 | The specific formats depends on the zone type. |
249 | The default zone delegation record types are specified in | 249 | The default zone delegation record types are specified in |
250 | <xref target="rrecords"/>. | 250 | <xref target="rrecords"/>. |
251 | New Zone Types may be specified in the future, for example if the | 251 | New zone types may be specified in the future, for example if the |
252 | cryptographic mechanisms used in this document are broken. | 252 | cryptographic mechanisms used in this document are broken. |
253 | Any Zone Type MUST define the following set of cryptographic functions: | 253 | Any zone type MUST define the following set of cryptographic functions: |
254 | </t> | 254 | </t> |
255 | <dl> | 255 | <dl> |
256 | <dt>Private-KeyGen() -> d</dt> | 256 | <dt>Private-KeyGen() -> d</dt> |
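Review bot: New line 248 still reads "The specific formats depends on the zone type." Since this line is being touched anyway, fix the subject-verb agreement: either "The specific formats depend on the zone type" or "The specific format depends on the zone type".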
@@ -308,7 +308,7 @@ | |||
308 | <section anchor="zid" numbered="true" toc="default"> | 308 | <section anchor="zid" numbered="true" toc="default"> |
309 | <name>Zone ID</name> | 309 | <name>Zone ID</name> |
310 | 310 | ||
311 | <t>The Zone ID zid is a unique public identifier of a zone. | 311 | <t>The zone ID zid is a unique public identifier of a zone. |
312 | It consists of the ztype and the public zone key zk. | 312 | It consists of the ztype and the public zone key zk. |
313 | The wire format is illustrated in <xref target="figure_zid"/>. | 313 | The wire format is illustrated in <xref target="figure_zid"/>. |
314 | </t> | 314 | </t> |
@@ -331,7 +331,7 @@ | |||
331 | It is a string which encodes the zone key into a domain name. | 331 | It is a string which encodes the zone key into a domain name. |
332 | The zTLD is used as a globally unique reference to a specific | 332 | The zTLD is used as a globally unique reference to a specific |
333 | namespace in the process of name resolution. | 333 | namespace in the process of name resolution. |
334 | To encode the zone key, a zone key label zkl is derived from the Zone | 334 | To encode the zone key, a zone key label zkl is derived from the zone |
335 | ID using the Crockford Base32 | 335 | ID using the Crockford Base32 |
336 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to | 336 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to |
337 | the same Base32 value as the letter "V" in order to further increase | 337 | the same Base32 value as the letter "V" in order to further increase |
@@ -408,7 +408,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
408 | <section anchor="revocation" numbered="true" toc="default"> | 408 | <section anchor="revocation" numbered="true" toc="default"> |
409 | <name>Zone Revocation</name> | 409 | <name>Zone Revocation</name> |
410 | <t> | 410 | <t> |
411 | Whenever a recursive resolver encounters a new GNS zone, it MUST | 411 | Whenever a resolver encounters a new GNS zone, it MUST |
412 | check against the local revocation list whether the respective | 412 | check against the local revocation list whether the respective |
413 | zone key has been revoked. If the zone key was revoked, the | 413 | zone key has been revoked. If the zone key was revoked, the |
414 | resolution MUST fail with an empty result set. | 414 | resolution MUST fail with an empty result set. |
@@ -1613,6 +1613,11 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1613 | <name>Name Resolution</name> | 1613 | <name>Name Resolution</name> |
1614 | <t> | 1614 | <t> |
1615 | Names in GNS are resolved by recursively querying the record storage. | 1615 | Names in GNS are resolved by recursively querying the record storage. |
1616 | Recursive in this context means that a resolver does not provide | ||
1617 | iterative results for a query (as is the case with iterative DNS resolution). | ||
1618 | Instead, it MUST respond to a resolution request with either the | ||
1619 | requested resource record or an error message in case the resolution | ||
1620 | fails. | ||
1616 | In the following, we define how resolution is initiated and each | 1621 | In the following, we define how resolution is initiated and each |
1617 | iteration in the resolution is processed. | 1622 | iteration in the resolution is processed. |
1618 | </t> | 1623 | </t> |
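Review bot: The new MUST at lines 1618-1620 allows only "the requested resource record or an error message", while the Zone Revocation text touched by this same patch (line 414) requires that resolution "MUST fail with an empty result set". Say whether an empty result set is the error response meant here, or align the two wordings, so an implementer does not have to guess how a revoked zone is signalled to the requester. Separately, the unchanged line 1622 ("iteration in the resolution is processed") now directly follows a paragraph that contrasts GNS with iterative DNS resolution; "each step in the resolution" would avoid the clash.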
@@ -1724,7 +1729,7 @@ example.com = zk2 | |||
1724 | <xref target="blinding" />.</li> | 1729 | <xref target="blinding" />.</li> |
1725 | <li>Perform a storage query GET(q) to retrieve the RRBLOCK.</li> | 1730 | <li>Perform a storage query GET(q) to retrieve the RRBLOCK.</li> |
1726 | <li>Verify and process the RRBLOCK and decrypt the BDATA contained | 1731 | <li>Verify and process the RRBLOCK and decrypt the BDATA contained |
1727 | in it as defined by its Zone Type (see also <xref target="records_block" />).</li> | 1732 | in it as defined by its zone type (see also <xref target="records_block" />).</li> |
1728 | </ol> | 1733 | </ol> |
1729 | <t> | 1734 | <t> |
1730 | Upon receiving the RRBLOCK from the storage, apart from verifying the | 1735 | Upon receiving the RRBLOCK from the storage, apart from verifying the |