-rw-r--r-- | draft-schanzen-gns.xml | 303 |
1 files changed, 222 insertions, 81 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index a57ca8f..c4474e1 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1,4 +1,4 @@ | |||
1 | <?xml version='1.0' encoding='utf-8'? | 1 | <?xml version='1.0' encoding='utf-8'?> |
2 | <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [ | 2 | <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [ |
3 | <!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml"> | 3 | <!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml"> |
4 | <!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml"> | 4 | <!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml"> |
@@ -197,6 +197,12 @@ | |||
197 | the recursive name resolution logic defined in | 197 | the recursive name resolution logic defined in |
198 | <xref target="resolution"/>. | 198 | <xref target="resolution"/>. |
199 | </dd> | 199 | </dd> |
200 | <dt>Zone Master</dt> | ||
201 | <dd> | ||
202 | The zone master is the part of the GNS implementation which implements | ||
203 | local zone management and publication as defined in | ||
204 | <xref target="publish"/>. | ||
205 | </dd> | ||
200 | <dt>Name</dt> | 206 | <dt>Name</dt> |
201 | <dd> | 207 | <dd> |
202 | A name in GNS is a domain name as defined in <xref target="RFC8499"/> | 208 | A name in GNS is a domain name as defined in <xref target="RFC8499"/> |
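Review bot: the new Zone Master entry cross-references <xref target="publish"/>, but no section with anchor "publish" appears anywhere in this diff; the only related anchor visible is the figure anchor "figure_storage_publish" at line 1720. Please confirm a <section anchor="publish"> exists, since a dangling xref target breaks the xml2rfc build. The definition could also say where publication goes (the "Record Storage" the renamed figures now show) so the new term lines up with the new figure labels.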
@@ -220,8 +226,8 @@ | |||
220 | The apex label, label separator and the extension label have | 226 | The apex label, label separator and the extension label have |
221 | special purposes in the resolution protocol which are defined | 227 | special purposes in the resolution protocol which are defined |
222 | in the rest of the document. | 228 | in the rest of the document. |
223 | Zone administrators <bcp14>MAY</bcp14> disallow certain labels that may be easily | 229 | Zone administrators <bcp14>MAY</bcp14> disallow certain labels that |
224 | confused with other labels through registration policies. | 230 | might be easily confused with other labels through registration policies. |
225 | </dd> | 231 | </dd> |
226 | <dt>Apex Label</dt> | 232 | <dt>Apex Label</dt> |
227 | <dd> | 233 | <dd> |
@@ -251,12 +257,12 @@ | |||
251 | <dt>Top-Level Domain</dt> | 257 | <dt>Top-Level Domain</dt> |
252 | <dd> | 258 | <dd> |
253 | The rightmost part of a GNS name is a GNS Top-Level Domain (TLD). | 259 | The rightmost part of a GNS name is a GNS Top-Level Domain (TLD). |
254 | A GNS TLD may consist of one or more labels. | 260 | A GNS TLD can consist of one or more labels. |
255 | Unlike DNS Top-Level Domains (defined in <xref target="RFC8499"/>), | 261 | Unlike DNS Top-Level Domains (defined in <xref target="RFC8499"/>), |
256 | GNS does not expect all users to use the same global root zone. Instead, | 262 | GNS does not expect all users to use the same global root zone. Instead, |
257 | with the exception of Zone Top-Level Domains (see below), | 263 | with the exception of Zone Top-Level Domains (see below), |
258 | GNS TLDs are typically part of the configuration of the local resolver | 264 | GNS TLDs are typically part of the configuration of the local resolver |
259 | (see <xref target="governance"/>), and may thus not be globally unique. | 265 | (see <xref target="governance"/>), and might thus not be globally unique. |
260 | </dd> | 266 | </dd> |
261 | <dt>Zone</dt> | 267 | <dt>Zone</dt> |
262 | <dd> | 268 | <dd> |
@@ -298,6 +304,14 @@ | |||
298 | A zTLD label sequence can only be distinguished from ordinary TLD label sequences | 304 | A zTLD label sequence can only be distinguished from ordinary TLD label sequences |
299 | by attempting to decode the labels into a zone type and zone key. | 305 | by attempting to decode the labels into a zone type and zone key. |
300 | </dd> | 306 | </dd> |
307 | <dt>Start Zone</dt> | ||
308 | <dd> | ||
309 | In order to resolve any given GNS name an initial start zone must be | ||
310 | determined for this name. | ||
311 | The start zone may already be explicitly defined through a zTLD. | ||
312 | Otherwise, it is determined through a local suffix-to-zone mapping | ||
313 | (see <xref target="governance"/>). | ||
314 | </dd> | ||
301 | <dt>Resource Record</dt> | 315 | <dt>Resource Record</dt> |
302 | <dd> | 316 | <dd> |
303 | A GNS resource record is the information associated with a label in a | 317 | A GNS resource record is the information associated with a label in a |
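Review bot: the new Start Zone definition uses unmarked "must" and "may" ("an initial start zone must be determined", "The start zone may already be explicitly defined"), while the rest of this commit replaces bare "may" with "can" or "might" precisely to avoid confusion with BCP 14 keywords. Either wrap them in <bcp14> if the statements are normative, or reword to "has to be determined" and "can already be defined". A comma after "any given GNS name" would also make the first sentence easier to read.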
@@ -310,7 +324,7 @@ | |||
310 | <section anchor="overview" numbered="true" toc="default"> | 324 | <section anchor="overview" numbered="true" toc="default"> |
311 | <name>Overview</name> | 325 | <name>Overview</name> |
312 | <t> | 326 | <t> |
313 | In GNS, any user may create and manage one or more cryptographically | 327 | In GNS, any user can create and manage one or more cryptographically |
314 | secured zones (<xref target="zones"/>). | 328 | secured zones (<xref target="zones"/>). |
315 | Zones are uniquely identified by a zone key. | 329 | Zones are uniquely identified by a zone key. |
316 | Zone contents are signed using blinded private keys and | 330 | Zone contents are signed using blinded private keys and |
@@ -354,26 +368,26 @@ | |||
354 | </t> | 368 | </t> |
355 | <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones."> | 369 | <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones."> |
356 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 370 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
357 | Local Host | Distributed | Remote Host | 371 | Local Host | Remote | Remote Host |
358 | | Storage | | 372 | | Storage | |
359 | | | | 373 | | | |
360 | | +--------+ | | 374 | | +---------+ | |
361 | | / /| | | 375 | | / /| | |
362 | +---------+ Publish | +--------+ | | Publish +---------+ | 376 | Publish | +---------+ | | Publish |
363 | | | Zones | | | | | Zones | | | 377 | +---------+ Records | | | | | Records +---------+ |
364 | | GNS |----------|->| Public | |<-|----------| GNS | | 378 | | Zone |----------|->| Record | |<-|----------| Zone | |
365 | | | | | Zones | | | | | | 379 | | Master | | | Storage | | | | Master | |
366 | +---------+ | | |/ | +---------+ | 380 | +---------+ | | |/ | +---------+ |
367 | A | +--------+ | A | 381 | A | +---------+ | A |
368 | | | | | | 382 | | | | | |
369 | +---------+ | | +---------+ | 383 | +---------+ | | +---------+ |
370 | / | /| | | / | /| | 384 | / | /| | | / | /| |
371 | +---------+ | | | +---------+ | | 385 | +---------+ | | | +---------+ | |
372 | | | | | | | | | | 386 | | | | | | | | | |
373 | | Local | | | | | Local | | | 387 | | Local | | | | | Local | | |
374 | | Zones | | | | | Zones | | | 388 | | Zones | | | | | Zones | | |
375 | | |/ | | | |/ | 389 | | |/ | | | |/ |
376 | +---------+ | | +---------+ | 390 | +---------+ | | +---------+ |
377 | ]]></artwork> | 391 | ]]></artwork> |
378 | </figure> | 392 | </figure> |
379 | <t> | 393 | <t> |
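Review bot: with the middle column header changed from "Distributed" to "Remote", the figure now reads "Local Host | Remote Storage | Remote Host", and the storage looks as if it belongs to the remote host rather than being shared by both. Consider a header that distinguishes it (for example "Record Storage", matching the box label below it) so the column both hosts publish into is clearly separate from the right-hand host.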
@@ -396,27 +410,27 @@ | |||
396 | </t> | 410 | </t> |
397 | <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process."> | 411 | <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process."> |
398 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 412 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
399 | Local Host | Distributed | 413 | Local Host | Remote |
400 | | Storage | 414 | | Storage |
401 | | | 415 | | |
402 | | +--------+ | 416 | | +---------+ |
403 | | / /| | 417 | | / /| |
404 | | +--------+ | | 418 | | +---------+ | |
405 | +-----------+ Name +---------+ Recursive | | | | | 419 | +-----------+ Name +----------+ Recursive | | | | |
406 | | | Lookup | | Resolution | | Public | | | 420 | | | Lookup | | Resolution | | Record | | |
407 | |Application|----------| GNS |-------------|->| Zones | | | 421 | |Application|----------| Resolver |-------------|->| Storage | | |
408 | | |<---------| |<------------|--| |/ | 422 | | |<---------| |<------------|--| |/ |
409 | +-----------+ Results +---------+ Intermediate| +--------+ | 423 | +-----------+ Results +----------+ Intermediate| +---------+ |
410 | A Results | | 424 | A Results | |
411 | | | | 425 | | | |
412 | +---------+ | | 426 | +---------+ | |
413 | / | /| | | 427 | / | /| | |
414 | +---------+ | | | 428 | +---------+ | | |
415 | | | | | | 429 | | | | | |
416 | | Start | | | | 430 | | Start | | | |
417 | | Zones | | | | 431 | | Zones | | | |
418 | | |/ | | 432 | | |/ | |
419 | +---------+ | | 433 | +---------+ | |
420 | ]]></artwork> | 434 | ]]></artwork> |
421 | </figure> | 435 | </figure> |
422 | 436 | ||
@@ -1705,17 +1719,17 @@ GET(key) -> value | |||
1705 | </t> | 1719 | </t> |
1706 | <figure anchor="figure_storage_publish" title="Management and publication of local zones in the distributed storage."> | 1720 | <figure anchor="figure_storage_publish" title="Management and publication of local zones in the distributed storage."> |
1707 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1721 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1708 | Local Host | Distributed | 1722 | Local Host | Remote |
1709 | | Storage | 1723 | | Storage |
1710 | | | 1724 | | |
1711 | | +--------+ | 1725 | | +---------+ |
1712 | | / /| | 1726 | | / /| |
1713 | | +--------+ | | 1727 | | +---------+ | |
1714 | +-----------+ +---------+ | | | | | 1728 | +-----------+ | | | | |
1715 | | | | |PUT(q, RRBLOCK) | | Public | | | 1729 | | | +---------+PUT(q, RRBLOCK) | | Record | | |
1716 | | User | | GNS |----------------|->| Zones | | | 1730 | | User | | Zone |----------------|->| Storage | | |
1717 | | | | | | | |/ | 1731 | | | | Master | | | |/ |
1718 | +-----------+ +---------+ | +--------+ | 1732 | +-----------+ +---------+ | +---------+ |
1719 | | A | | 1733 | | A | |
1720 | | | Zone records | | 1734 | | | Zone records | |
1721 | | | grouped by label | | 1735 | | | grouped by label | |
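Review bot: the top edge of the Zone Master box is missing on line 1728 (the row beside the User box's top edge is now blank) and has dropped to line 1729, where it abuts the "PUT(q, RRBLOCK)" label, so the two boxes no longer line up; restore "+---------+" on line 1728 and keep the label on its own row as before. The figure title at line 1720 also still says "in the distributed storage" while the artwork header now reads "Remote Storage"; pick one term and use it in both places.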
@@ -1963,31 +1977,30 @@ q := SHA-512 (ZKDF(zk, label)) | |||
1963 | </t> | 1977 | </t> |
1964 | <figure anchor="figure_resolution" title="The recursive GNS resolution process."> | 1978 | <figure anchor="figure_resolution" title="The recursive GNS resolution process."> |
1965 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1979 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1966 | Local Host | Distributed | 1980 | Local Host | Remote |
1967 | | Storage | 1981 | | Storage |
1968 | | | 1982 | | |
1969 | | +--------+ | 1983 | | +---------+ |
1970 | | / /| | 1984 | | / /| |
1971 | | +--------+ | | 1985 | | +---------+ | |
1972 | +-----------+ (1) Name +---------+ | | | | | 1986 | +-----------+ (1) Name +----------+ | | | | |
1973 | | | Lookup | | (3a) GET(q) | | Public | | | 1987 | | | Lookup | | (3a) GET(q) | | Record | | |
1974 | |Application|----------| GNS |-------------------|->| Zones | | | 1988 | |Application|----------| Resolver |---------------|->| Storage | | |
1975 | | |<---------| |<------------------|--| |/ | 1989 | | |<---------| |<--------------|--| |/ |
1976 | +-----------+ (4) +---------+ (3b) RRBLOCK | +--------+ | 1990 | +-----------+ (4) +----------+ (3b) RRBLOCK | +---------+ |
1977 | Records A | | 1991 | Records A | |
1978 | | | | 1992 | | | |
1979 | | | | 1993 | (2) Determination of | | |
1980 | (2) Determination of | | | 1994 | Start Zone | | |
1981 | Start Zone | | | 1995 | | | |
1982 | | | | 1996 | +---------+ | |
1983 | +---------+ | | 1997 | / | /| | |
1984 | / | /| | | 1998 | +---------+ | | |
1985 | +---------+ | | | 1999 | | | | | |
1986 | | | | | | 2000 | | Start | | | |
1987 | | Start | | | | 2001 | | Zones | | | |
1988 | | Zones | | | | 2002 | | |/ | |
1989 | | |/ | | 2003 | +---------+ | |
1990 | +---------+ | | ||
1991 | ]]></artwork> | 2004 | ]]></artwork> |
1992 | </figure> | 2005 | </figure> |
1993 | <section anchor="governance" numbered="true" toc="default"> | 2006 | <section anchor="governance" numbered="true" toc="default"> |
@@ -3148,6 +3161,134 @@ Value Symbol Symbol | |||
3148 | </figure> | 3161 | </figure> |
3149 | </section> | 3162 | </section> |
3150 | <section> | 3163 | <section> |
3164 | <name>Example flows</name> | ||
3165 | <section> | ||
3166 | <name>AAAA Example Resolution</name> | ||
3167 | <figure anchor="figure_resolution_ex_aaaa" title="Example resolution of an IPv6 address."> | ||
3168 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
3169 | Local Host | Remote | ||
3170 | | Storage | ||
3171 | | | ||
3172 | | +---------+ | ||
3173 | | / /| | ||
3174 | | +---------+ | | ||
3175 | +-----------+ (1) +----------+ | | | | | ||
3176 | | | | | (4,6) | | Record | | | ||
3177 | |Application|----------| Resolver |---------------|->| Storage | | | ||
3178 | | |<---------| |<--------------|--| |/ | ||
3179 | +-----------+ (8) +----------+ (5,7) | +---------+ | ||
3180 | A | | ||
3181 | | | | ||
3182 | (2,3) | | | ||
3183 | | | | ||
3184 | | | | ||
3185 | +---------+ | | ||
3186 | / v /| | | ||
3187 | +---------+ | | | ||
3188 | | | | | | ||
3189 | | Start | | | | ||
3190 | | Zones | | | | ||
3191 | | |/ | | ||
3192 | +---------+ | | ||
3193 | ]]></artwork> | ||
3194 | </figure> | ||
3195 | <ol> | ||
3196 | <li>Lookup AAAA record for name: www.example.gns.</li> | ||
3197 | <li>Determine start zone for www.example.gns.</li> | ||
3198 | <li>Start zone: zk0 - Remainder: www.example.</li> | ||
3199 | <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li> | ||
3200 | <li>Retrieve and decrypt RRBLOCK consisting of a single PKEY record containing zk1.</li> | ||
3201 | <li>Calculate q1=SHA512(ZKDF(zk1, "www")) and initiate GET(q1).</li> | ||
3202 | <li>Retrieve RRBLOCK consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li> | ||
3203 | <li>Return record set to application</li> | ||
3204 | </ol> | ||
3205 | </section> | ||
3206 | <section> | ||
3207 | <name>REDIRECT Example Resolution</name> | ||
3208 | <figure anchor="figure_resolution_ex_redir" title="Example resolution of an IPv6 address with redirect."> | ||
3209 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
3210 | Local Host | Remote | ||
3211 | | Storage | ||
3212 | | | ||
3213 | | +---------+ | ||
3214 | | / /| | ||
3215 | | +---------+ | | ||
3216 | +-----------+ (1) +----------+ | | | | | ||
3217 | | | | | (4,6,8) | | Record | | | ||
3218 | |Application|----------| Resolver |----------------|->| Storage | | | ||
3219 | | |<---------| |<---------------|--| |/ | ||
3220 | +-----------+ (10) +----------+ (5,7,9) | +---------+ | ||
3221 | A | | ||
3222 | | | | ||
3223 | (2,3) | | | ||
3224 | | | | ||
3225 | | | | ||
3226 | +---------+ | | ||
3227 | / v /| | | ||
3228 | +---------+ | | | ||
3229 | | | | | | ||
3230 | | Start | | | | ||
3231 | | Zones | | | | ||
3232 | | |/ | | ||
3233 | +---------+ | | ||
3234 | ]]></artwork> | ||
3235 | </figure> | ||
3236 | <ol> | ||
3237 | <li>Lookup AAAA record for name: www.example.tld.</li> | ||
3238 | <li>Determine start zone for www.example.tld.</li> | ||
3239 | <li>Start zone: zk0 - Remainder: www.example.</li> | ||
3240 | <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li> | ||
3241 | <li>Retrieve and decrypt RRBLOCK consisting of a single REDIRECT record containing zk1.</li> | ||
3242 | <li>Calculate q1=SHA512(ZKDF(zk1, "www")) and initiate GET(q1).</li> | ||
3243 | <li>Retrieve and decrypt RRBLOCK consisting of a single REDIRECT record containing www2.+.</li> | ||
3244 | <li>Calculate q2=SHA512(ZKDF(zk1, "www2")) and initiate GET(q2).</li> | ||
3245 | <li>Retrieve and decrypt RRBLOCK consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li> | ||
3246 | <li>Return record set to application.</li> | ||
3247 | </ol> | ||
3248 | </section> | ||
3249 | <section> | ||
3250 | <name>GNS2DNS Example Resolution</name> | ||
3251 | <figure anchor="figure_resolution_ex_gnsdns" title="Example resolution of an IPv6 address with DNS handover."> | ||
3252 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
3253 | Local Host | Remote | ||
3254 | | Storage | ||
3255 | | | ||
3256 | | +---------+ | ||
3257 | | / /| | ||
3258 | | +---------+ | | ||
3259 | +-----------+ (1) +----------+ | | | | | ||
3260 | | | | | (4) | | Record | | | ||
3261 | |Application|----------| Resolver |------------------|->| Storage | | | ||
3262 | | |<---------| |<-----------------|--| |/ | ||
3263 | +-----------+ (8) +----------+ (5) | +---------+ | ||
3264 | A A | | ||
3265 | | | (6,7) | | ||
3266 | (2,3) | +----------+ | | ||
3267 | | | | | ||
3268 | | v | | ||
3269 | +---------+ +------------+ | | ||
3270 | / v /| | System DNS | | | ||
3271 | +---------+ | | resolver | | | ||
3272 | | | | +------------+ | | ||
3273 | | Start | | | | ||
3274 | | Zones | | | | ||
3275 | | |/ | | ||
3276 | +---------+ | | ||
3277 | ]]></artwork> | ||
3278 | </figure> | ||
3279 | <ol> | ||
3280 | <li>Lookup AAAA record for name: www.example.gnu</li> | ||
3281 | <li>Determine start zone for www.example.gnu.</li> | ||
3282 | <li>Start zone: zk0 - Remainder: www.example.</li> | ||
3283 | <li>Calculate q0=SHA512(ZKDF(zk0, "example")) and initiate GET(q0).</li> | ||
3284 | <li>Retrieve and decrypt RRBLOCK consisting of a single GNS2DNS record containing the name example.com and the DNS server IPv4 address 192.0.2.1.</li> | ||
3285 | <li>Use system resolver to lookup an AAAA record for the DNS name www.example.com.</li> | ||
3286 | <li>Retrieve a DNS reply consisting of a single AAAA record containing the IPv6 address 2001:db8::1.</li> | ||
3287 | <li>Return record set to application.</li> | ||
3288 | </ol> | ||
3289 | </section> | ||
3290 | </section> | ||
3291 | <section> | ||
3151 | <name>Test Vectors</name> | 3292 | <name>Test Vectors</name> |
3152 | <t> | 3293 | <t> |
3153 | The following are test vectors for the Base32GNS encoding used for zTLDs. | 3294 | The following are test vectors for the Base32GNS encoding used for zTLDs. |
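Review bot: step 5 of the REDIRECT example (line 3241) says the RRBLOCK holds "a single REDIRECT record containing zk1", but a zone key is carried by a PKEY delegation record, as step 5 of the AAAA example (line 3200) correctly states, and the walk-through only moves to zone zk1 because of that delegation; change it to "PKEY record containing zk1" so the REDIRECT in step 7 is the only redirect in the flow. Smaller points: the three examples use different TLDs (".gns", ".tld", ".gnu") for what is otherwise the same setup; some list items lack a final period (lines 3203 and 3280); step 7 of the AAAA example omits the "and decrypt" wording used in every other retrieval step; "lookup" in step 6 of the GNS2DNS example should be "look up"; and that step says the system resolver is used although step 5 supplies the DNS server address 192.0.2.1, so state whether the resolver queries that address directly or ignores it.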