diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-22 16:36:01 +0100 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2021-12-22 16:36:01 +0100 |
| commit | 79a6958f6c79ff29da1672d0e99777d8d947eda8 (patch) | |
| tree | d8e298993a266e817310f79b7815766e30d89e42 /draft-schanzen-gns.xml | |
| parent | dd85c56e1a0458c395823dde89cd52fafc3aacf9 (diff) | |
| download | lsd0001-79a6958f6c79ff29da1672d0e99777d8d947eda8.tar.gz lsd0001-79a6958f6c79ff29da1672d0e99777d8d947eda8.zip | |
update
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 7f14e6d..307b6fa 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -208,7 +208,7 @@ | |||
| 208 | </t> | 208 | </t> |
| 209 | <t> | 209 | <t> |
| 210 | Starting from a configurable root zone, names are resolved following zone | 210 | Starting from a configurable root zone, names are resolved following zone |
| 211 | delegations which are iteratively queried from the storage (<xref target="resolution"/>). | 211 | delegations which are recursively queried from the storage (<xref target="resolution"/>). |
| 212 | </t> | 212 | </t> |
| 213 | <t> | 213 | <t> |
| 214 | In the remainder of this document, the "implementer" refers to the developer building | 214 | In the remainder of this document, the "implementer" refers to the developer building |
| @@ -235,9 +235,9 @@ | |||
| 235 | <section anchor="ztype" numbered="true" toc="default"> | 235 | <section anchor="ztype" numbered="true" toc="default"> |
| 236 | <name>Zone Type</name> | 236 | <name>Zone Type</name> |
| 237 | <t> | 237 | <t> |
| 238 | The Zone Type ztype is the unique zone type of the zone as registered | 238 | The zone type ztype is the unique zone type of the zone as registered |
| 239 | in the GNUnet Assigned Numbers Authority <xref target="GANA" />. | 239 | in the GNUnet Assigned Numbers Authority <xref target="GANA" />. |
| 240 | The Zone Type determines which cryptosystem is used for the | 240 | The zone type determines which cryptosystem is used for the |
| 241 | asymmetric and symmetric key operations of the zone. | 241 | asymmetric and symmetric key operations of the zone. |
| 242 | The zone type is identified by a 32-bit number. | 242 | The zone type is identified by a 32-bit number. |
| 243 | It always corresponds to a resource record type number identifying a | 243 | It always corresponds to a resource record type number identifying a |
| @@ -245,12 +245,12 @@ | |||
| 245 | </t> | 245 | </t> |
| 246 | <t> | 246 | <t> |
| 247 | For any zone, d is the private zone key. zk is the public zone key. | 247 | For any zone, d is the private zone key. zk is the public zone key. |
| 248 | The specific formats depends on the Zone Type. | 248 | The specific formats depends on the zone type. |
| 249 | The default zone delegation record types are specified in | 249 | The default zone delegation record types are specified in |
| 250 | <xref target="rrecords"/>. | 250 | <xref target="rrecords"/>. |
| 251 | New Zone Types may be specified in the future, for example if the | 251 | New zone types may be specified in the future, for example if the |
| 252 | cryptographic mechanisms used in this document are broken. | 252 | cryptographic mechanisms used in this document are broken. |
| 253 | Any Zone Type MUST define the following set of cryptographic functions: | 253 | Any zone type MUST define the following set of cryptographic functions: |
| 254 | </t> | 254 | </t> |
| 255 | <dl> | 255 | <dl> |
| 256 | <dt>Private-KeyGen() -> d</dt> | 256 | <dt>Private-KeyGen() -> d</dt> |
| @@ -308,7 +308,7 @@ | |||
| 308 | <section anchor="zid" numbered="true" toc="default"> | 308 | <section anchor="zid" numbered="true" toc="default"> |
| 309 | <name>Zone ID</name> | 309 | <name>Zone ID</name> |
| 310 | 310 | ||
| 311 | <t>The Zone ID zid is a unique public identifier of a zone. | 311 | <t>The zone ID zid is a unique public identifier of a zone. |
| 312 | It consists of the ztype and the public zone key zk. | 312 | It consists of the ztype and the public zone key zk. |
| 313 | The wire format is illustrated in <xref target="figure_zid"/>. | 313 | The wire format is illustrated in <xref target="figure_zid"/>. |
| 314 | </t> | 314 | </t> |
| @@ -331,7 +331,7 @@ | |||
| 331 | It is a string which encodes the zone key into a domain name. | 331 | It is a string which encodes the zone key into a domain name. |
| 332 | The zTLD is used as a globally unique reference to a specific | 332 | The zTLD is used as a globally unique reference to a specific |
| 333 | namespace in the process of name resolution. | 333 | namespace in the process of name resolution. |
| 334 | To encode the zone key, a zone key label zkl is derived from the Zone | 334 | To encode the zone key, a zone key label zkl is derived from the zone |
| 335 | ID using the Crockford Base32 | 335 | ID using the Crockford Base32 |
| 336 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to | 336 | encoding <xref target="CrockfordB32"/> but the letter "U" is decoded to |
| 337 | the same Base32 value as the letter "V" in order to further increase | 337 | the same Base32 value as the letter "V" in order to further increase |
| @@ -408,7 +408,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
| 408 | <section anchor="revocation" numbered="true" toc="default"> | 408 | <section anchor="revocation" numbered="true" toc="default"> |
| 409 | <name>Zone Revocation</name> | 409 | <name>Zone Revocation</name> |
| 410 | <t> | 410 | <t> |
| 411 | Whenever a recursive resolver encounters a new GNS zone, it MUST | 411 | Whenever a resolver encounters a new GNS zone, it MUST |
| 412 | check against the local revocation list whether the respective | 412 | check against the local revocation list whether the respective |
| 413 | zone key has been revoked. If the zone key was revoked, the | 413 | zone key has been revoked. If the zone key was revoked, the |
| 414 | resolution MUST fail with an empty result set. | 414 | resolution MUST fail with an empty result set. |
| @@ -1613,6 +1613,11 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
| 1613 | <name>Name Resolution</name> | 1613 | <name>Name Resolution</name> |
| 1614 | <t> | 1614 | <t> |
| 1615 | Names in GNS are resolved by recursively querying the record storage. | 1615 | Names in GNS are resolved by recursively querying the record storage. |
| 1616 | Recursive in this context means that a resolver does not provide | ||
| 1617 | iterative results for a query (as is the case with iterative DNS resolution). | ||
| 1618 | Instead, it MUST respond to a resolution request with either the | ||
| 1619 | requested resource record or an error message in case the resolution | ||
| 1620 | fails. | ||
| 1616 | In the following, we define how resolution is initiated and each | 1621 | In the following, we define how resolution is initiated and each |
| 1617 | iteration in the resolution is processed. | 1622 | iteration in the resolution is processed. |
| 1618 | </t> | 1623 | </t> |
| @@ -1724,7 +1729,7 @@ example.com = zk2 | |||
| 1724 | <xref target="blinding" />.</li> | 1729 | <xref target="blinding" />.</li> |
| 1725 | <li>Perform a storage query GET(q) to retrieve the RRBLOCK.</li> | 1730 | <li>Perform a storage query GET(q) to retrieve the RRBLOCK.</li> |
| 1726 | <li>Verify and process the RRBLOCK and decrypt the BDATA contained | 1731 | <li>Verify and process the RRBLOCK and decrypt the BDATA contained |
| 1727 | in it as defined by its Zone Type (see also <xref target="records_block" />).</li> | 1732 | in it as defined by its zone type (see also <xref target="records_block" />).</li> |
| 1728 | </ol> | 1733 | </ol> |
| 1729 | <t> | 1734 | <t> |
| 1730 | Upon receiving the RRBLOCK from the storage, apart from verifying the | 1735 | Upon receiving the RRBLOCK from the storage, apart from verifying the |