-rw-r--r-- | draft-schanzen-gns.html | 92 | ||||
-rw-r--r-- | draft-schanzen-gns.txt | 266 | ||||
-rw-r--r-- | draft-schanzen-gns.xml | 26 |
3 files changed, 250 insertions, 134 deletions
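--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -1090,7 +1090,10 @@
 <p id="section-boilerplate.3-1.3.2.3.1"><a href="#section-3.3" class="xref">3.3</a>. <a href="#name-leho" class="xref">LEHO</a><a href="#section-boilerplate.3-1.3.2.3.1" class="pilcrow">¶</a></p>
 </li>
 <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.4">
-<p id="section-boilerplate.3-1.3.2.4.1"><a href="#section-3.4" class="xref">3.4</a>. <a href="#name-box" class="xref">BOX</a><a href="#section-boilerplate.3-1.3.2.4.1" class="pilcrow">¶</a></p>
+<p id="section-boilerplate.3-1.3.2.4.1"><a href="#section-3.4" class="xref">3.4</a>. <a href="#name-nick" class="xref">NICK</a><a href="#section-boilerplate.3-1.3.2.4.1" class="pilcrow">¶</a></p>
+</li>
+<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.5">
+<p id="section-boilerplate.3-1.3.2.5.1"><a href="#section-3.5" class="xref">3.5</a>. <a href="#name-box" class="xref">BOX</a><a href="#section-boilerplate.3-1.3.2.5.1" class="pilcrow">¶</a></p>
 </li>
 </ul>
 </li>
@@ -1451,12 +1454,43 @@
 <span>[<a href="#RFC3492" class="xref">RFC3492</a>]</span>.<a href="#section-3.3-3" class="pilcrow">¶</a></p>
 </section>
 </div>
-<div id="gnsrecords_box">
+<div id="gnsrecords_nick">
 <section id="section-3.4">
+<h3 id="name-nick">
+<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-nick" class="section-name selfRef">NICK</a>
+</h3>
+<p id="section-3.4-1">Nickname records can be used by zone administrators to publish an
+indication on what label this zone prefers to be referred to.
+This is a suggestion to other zones what label to use when creating a
+PKEY <a href="#gnsrecords_pkey" class="xref">Section 3.1</a> record containing this zone's
+public zone key.
+A NICK resource record contains an UTF-8 string
+(which is not 0-terminated) representing the preferred label.
+This string may NOT inlcude a ".".
+A NICK DATA entry has the following format:<a href="#section-3.4-1" class="pilcrow">¶</a></p>
+<div id="figure_nickrecord">
+<figure id="figure-6">
+<div class="artwork art-text alignLeft" id="section-3.4-2.1">
+<pre>
+0 8 16 24 32 40 48 56
++-----+-----+-----+-----+-----+-----+-----+-----+
+| NICKNAME |
+/ /
+/ /
+| |
++-----+-----+-----+-----+-----+-----+-----+-----+
+</pre>
+</div>
+<figcaption><a href="#figure-6" class="selfRef">Figure 6</a></figcaption></figure>
+</div>
+</section>
+</div>
+<div id="gnsrecords_box">
+<section id="section-3.5">
 <h3 id="name-box">
-<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-box" class="section-name selfRef">BOX</a>
+<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-box" class="section-name selfRef">BOX</a>
 </h3>
-<p id="section-3.4-1">
+<p id="section-3.5-1">
 In GNS, every "." in a name delegates to another zone, and
 GNS lookups are expected to return all of the required useful
 information in one record set. This is incompatible with the
@@ -1471,10 +1505,10 @@
 otherwise it is to be left untouched. This way, TLSA (and SRV)
 records do not require a separate network request, and TLSA
 records become inseparable from the corresponding address records.
-A BOX DATA entry has the following format:<a href="#section-3.4-1" class="pilcrow">¶</a></p>
+A BOX DATA entry has the following format:<a href="#section-3.5-1" class="pilcrow">¶</a></p>
 <div id="figure_boxrecord">
-<figure id="figure-6">
-<div class="artwork art-text alignLeft" id="section-3.4-2.1">
+<figure id="figure-7">
+<div class="artwork art-text alignLeft" id="section-3.5-2.1">
 <pre>
 0 8 16 24 32 40 48 56
 +-----+-----+-----+-----+-----+-----+-----+-----+
@@ -1487,26 +1521,26 @@
 +-----+-----+-----+-----+-----+-----+-----+-----+
 </pre>
 </div>
-<figcaption><a href="#figure-6" class="selfRef">Figure 6</a></figcaption></figure>
+<figcaption><a href="#figure-7" class="selfRef">Figure 7</a></figcaption></figure>
 </div>
-<dl class="dlParallel" id="section-3.4-3">
-<dt id="section-3.4-3.1">PROTO</dt>
-<dd id="section-3.4-3.2">
-the 16-bit protocol number, e.g. 6 for tcp. In network byte order.<a href="#section-3.4-3.2" class="pilcrow">¶</a>
+<dl class="dlParallel" id="section-3.5-3">
+<dt id="section-3.5-3.1">PROTO</dt>
+<dd id="section-3.5-3.2">
+the 16-bit protocol number, e.g. 6 for tcp. In network byte order.<a href="#section-3.5-3.2" class="pilcrow">¶</a>
 </dd>
-<dt id="section-3.4-3.3">SVC</dt>
-<dd id="section-3.4-3.4">
+<dt id="section-3.5-3.3">SVC</dt>
+<dd id="section-3.5-3.4">
 the 16-bit service value of the boxed record, i.e. the port number.
-In network byte order.<a href="#section-3.4-3.4" class="pilcrow">¶</a>
+In network byte order.<a href="#section-3.5-3.4" class="pilcrow">¶</a>
 </dd>
-<dt id="section-3.4-3.5">TYPE</dt>
-<dd id="section-3.4-3.6">
-is the 32-bit record type of the boxed record. In network byte order.<a href="#section-3.4-3.6" class="pilcrow">¶</a>
+<dt id="section-3.5-3.5">TYPE</dt>
+<dd id="section-3.5-3.6">
+is the 32-bit record type of the boxed record. In network byte order.<a href="#section-3.5-3.6" class="pilcrow">¶</a>
 </dd>
-<dt id="section-3.4-3.7">RECORD DATA</dt>
-<dd id="section-3.4-3.8">
+<dt id="section-3.5-3.7">RECORD DATA</dt>
+<dd id="section-3.5-3.8">
 is a variable length field containing the "DATA" format of TYPE as
-defined for the respective TYPE in DNS.<a href="#section-3.4-3.8" class="pilcrow">¶</a>
+defined for the respective TYPE in DNS.<a href="#section-3.5-3.8" class="pilcrow">¶</a>
 </dd>
 </dl>
 </section>
@@ -1606,7 +1640,7 @@
 include a periodic refresh publication.
 A GNS resource records block has the following format:<a href="#section-4.2-1" class="pilcrow">¶</a></p>
 <div id="figure_record_block">
-<figure id="figure-7">
+<figure id="figure-8">
 <div class="artwork art-text alignLeft" id="section-4.2-2.1">
 <pre>
 0 8 16 24 32 40 48 56
@@ -1635,7 +1669,7 @@
 +-----+-----+-----+-----+-----+-----+-----+-----+
 </pre>
 </div>
-<figcaption><a href="#figure-7" class="selfRef">Figure 7</a></figcaption></figure>
+<figcaption><a href="#figure-8" class="selfRef">Figure 8</a></figcaption></figure>
 </div>
 <p id="section-4.2-3">where:<a href="#section-4.2-3" class="pilcrow">¶</a></p>
 <dl class="dlParallel" id="section-4.2-4">
@@ -1698,7 +1732,7 @@
 set RDATA into the BDATA field of a GNS record block.
 The wire format of the RDATA looks as follows:<a href="#section-4.3-1" class="pilcrow">¶</a></p>
 <div id="figure_rdata">
-<figure id="figure-8">
+<figure id="figure-9">
 <div class="artwork art-text alignLeft" id="section-4.3-2.1">
 <pre>
 0 8 16 24 32 40 48 56
@@ -1726,7 +1760,7 @@
 / /
 </pre>
 </div>
-<figcaption><a href="#figure-8" class="selfRef">Figure 8</a></figcaption></figure>
+<figcaption><a href="#figure-9" class="selfRef">Figure 9</a></figcaption></figure>
 </div>
 <p id="section-4.3-3">where:<a href="#section-4.3-3" class="pilcrow">¶</a></p>
 <dl class="dlParallel" id="section-4.3-4">
@@ -1785,7 +1819,7 @@
 <span>[<a href="#RFC3826" class="xref">RFC3826</a>]</span> key
 and a 256-bit TWOFISH <span>[<a href="#TWOFISH" class="xref">TWOFISH</a>]</span> key:<a href="#section-4.3-8" class="pilcrow">¶</a></p>
 <div id="figure_hkdf_keys">
-<figure id="figure-9">
+<figure id="figure-10">
 <div class="artwork art-text alignLeft" id="section-4.3-9.1">
 <pre>
 0 8 16 24 32 40 48 56
@@ -1802,13 +1836,13 @@
 +-----+-----+-----+-----+-----+-----+-----+-----+
 </pre>
 </div>
-<figcaption><a href="#figure-9" class="selfRef">Figure 9</a></figcaption></figure>
+<figcaption><a href="#figure-10" class="selfRef">Figure 10</a></figcaption></figure>
 </div>
 <p id="section-4.3-10">
 Similarly, we divide "IV" into a 128-bit initialization vector
 and a 128-bit initialization vector:<a href="#section-4.3-10" class="pilcrow">¶</a></p>
 <div id="figure_hkdf_ivs">
-<figure id="figure-10">
+<figure id="figure-11">
 <div class="artwork art-text alignLeft" id="section-4.3-11.1">
 <pre>
 0 8 16 24 32 40 48 56
@@ -1821,7 +1855,7 @@
 +-----+-----+-----+-----+-----+-----+-----+-----+
 </pre>
 </div>
-<figcaption><a href="#figure-10" class="selfRef">Figure 10</a></figcaption></figure>
+<figcaption><a href="#figure-11" class="selfRef">Figure 11</a></figcaption></figure>
 </div>
 <p id="section-4.3-12">
 The keys and IVs are used for a CFB128-AES-256 and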
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index b44d435..dbfbae6 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt | |||
@@ -66,19 +66,20 @@ Table of Contents | |||
66 | 3.1. PKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 66 | 3.1. PKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 5 |
67 | 3.2. GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 67 | 3.2. GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . . 6 |
68 | 3.3. LEHO . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 68 | 3.3. LEHO . . . . . . . . . . . . . . . . . . . . . . . . . . 6 |
69 | 3.4. BOX . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 69 | 3.4. NICK . . . . . . . . . . . . . . . . . . . . . . . . . . 7 |
70 | 3.5. BOX . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | ||
70 | 4. Publishing records . . . . . . . . . . . . . . . . . . . . . 8 | 71 | 4. Publishing records . . . . . . . . . . . . . . . . . . . . . 8 |
71 | 4.1. Key derivations . . . . . . . . . . . . . . . . . . . . . 8 | 72 | 4.1. Key derivations . . . . . . . . . . . . . . . . . . . . . 8 |
72 | 4.2. Resource records block . . . . . . . . . . . . . . . . . 9 | 73 | 4.2. Resource records block . . . . . . . . . . . . . . . . . 9 |
73 | 4.3. Block data encryption and decryption . . . . . . . . . . 10 | 74 | 4.3. Block data encryption and decryption . . . . . . . . . . 11 |
74 | 5. Internationalization and Character Encoding . . . . . . . . . 13 | 75 | 5. Internationalization and Character Encoding . . . . . . . . . 13 |
75 | 6. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 13 | 76 | 6. Record Resolution . . . . . . . . . . . . . . . . . . . . . . 13 |
76 | 6.1. Entry Zone . . . . . . . . . . . . . . . . . . . . . . . 13 | 77 | 6.1. Entry Zone . . . . . . . . . . . . . . . . . . . . . . . 14 |
77 | 6.2. Recursive Resolution . . . . . . . . . . . . . . . . . . 13 | 78 | 6.2. Recursive Resolution . . . . . . . . . . . . . . . . . . 14 |
78 | 7. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 13 | 79 | 7. Namespace Revocation . . . . . . . . . . . . . . . . . . . . 14 |
79 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 80 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 |
80 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 81 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 |
81 | 10. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 13 | 82 | 10. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 14 |
82 | 11. Normative References . . . . . . . . . . . . . . . . . . . . 16 | 83 | 11. Normative References . . . . . . . . . . . . . . . . . . . . 16 |
83 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | 84 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 |
84 | 85 | ||
@@ -104,8 +105,7 @@ Table of Contents | |||
104 | some respects as even as an alternative to some of today's Public Key | 105 | some respects as even as an alternative to some of today's Public Key |
105 | Infrastructures, in particular X.509 for the Web. | 106 | Infrastructures, in particular X.509 for the Web. |
106 | 107 | ||
107 | This document contains the GNU Name System (GNS) technical | 108 | |
108 | specification of the GNU Name System (GNS), a fully decentralized and | ||
109 | 109 | ||
110 | 110 | ||
111 | 111 | ||
@@ -114,6 +114,8 @@ Schanzenbach, et al. Expires 24 January 2020 [Page 2] | |||
114 | Internet-Draft The GNU Name System July 2019 | 114 | Internet-Draft The GNU Name System July 2019 |
115 | 115 | ||
116 | 116 | ||
117 | This document contains the GNU Name System (GNS) technical | ||
118 | specification of the GNU Name System (GNS), a fully decentralized and | ||
117 | censorship-resistant name system. GNS provides a privacy-enhancing | 119 | censorship-resistant name system. GNS provides a privacy-enhancing |
118 | alternative to the Domain Name System (DNS). The design of GNS | 120 | alternative to the Domain Name System (DNS). The design of GNS |
119 | incorporates the capability to integrate and coexist with DNS. GNS | 121 | incorporates the capability to integrate and coexist with DNS. GNS |
@@ -163,8 +165,6 @@ Internet-Draft The GNU Name System July 2019 | |||
163 | 165 | ||
164 | 166 | ||
165 | 167 | ||
166 | |||
167 | |||
168 | Schanzenbach, et al. Expires 24 January 2020 [Page 3] | 168 | Schanzenbach, et al. Expires 24 January 2020 [Page 3] |
169 | 169 | ||
170 | Internet-Draft The GNU Name System July 2019 | 170 | Internet-Draft The GNU Name System July 2019 |
@@ -352,7 +352,27 @@ Internet-Draft The GNU Name System July 2019 | |||
352 | (e.g. "Host:" header) it must be converted to a punycode | 352 | (e.g. "Host:" header) it must be converted to a punycode |
353 | representation [RFC3492]. | 353 | representation [RFC3492]. |
354 | 354 | ||
355 | 3.4. BOX | 355 | 3.4. NICK |
356 | |||
357 | Nickname records can be used by zone administrators to publish an | ||
358 | indication on what label this zone prefers to be referred to. This | ||
359 | is a suggestion to other zones what label to use when creating a PKEY | ||
360 | Section 3.1 record containing this zone's public zone key. A NICK | ||
361 | resource record contains an UTF-8 string (which is not 0-terminated) | ||
362 | representing the preferred label. This string may NOT inlcude a ".". | ||
363 | A NICK DATA entry has the following format: | ||
364 | |||
365 | 0 8 16 24 32 40 48 56 | ||
366 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
367 | | NICKNAME | | ||
368 | / / | ||
369 | / / | ||
370 | | | | ||
371 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
372 | |||
373 | Figure 6 | ||
374 | |||
375 | 3.5. BOX | ||
356 | 376 | ||
357 | In GNS, every "." in a name delegates to another zone, and GNS | 377 | In GNS, every "." in a name delegates to another zone, and GNS |
358 | lookups are expected to return all of the required useful information | 378 | lookups are expected to return all of the required useful information |
@@ -366,6 +386,14 @@ Internet-Draft The GNU Name System July 2019 | |||
366 | received, a GNS resolver must unbox it if the name to be resolved | 386 | received, a GNS resolver must unbox it if the name to be resolved |
367 | continues with "_SERVICE._PROTO", otherwise it is to be left | 387 | continues with "_SERVICE._PROTO", otherwise it is to be left |
368 | untouched. This way, TLSA (and SRV) records do not require a | 388 | untouched. This way, TLSA (and SRV) records do not require a |
389 | |||
390 | |||
391 | |||
392 | Schanzenbach, et al. Expires 24 January 2020 [Page 7] | ||
393 | |||
394 | Internet-Draft The GNU Name System July 2019 | ||
395 | |||
396 | |||
369 | separate network request, and TLSA records become inseparable from | 397 | separate network request, and TLSA records become inseparable from |
370 | the corresponding address records. A BOX DATA entry has the | 398 | the corresponding address records. A BOX DATA entry has the |
371 | following format: | 399 | following format: |
@@ -380,20 +408,11 @@ Internet-Draft The GNU Name System July 2019 | |||
380 | | | | 408 | | | |
381 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 409 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
382 | 410 | ||
383 | Figure 6 | 411 | Figure 7 |
384 | 412 | ||
385 | PROTO the 16-bit protocol number, e.g. 6 for tcp. In network byte | 413 | PROTO the 16-bit protocol number, e.g. 6 for tcp. In network byte |
386 | order. | 414 | order. |
387 | 415 | ||
388 | |||
389 | |||
390 | |||
391 | |||
392 | Schanzenbach, et al. Expires 24 January 2020 [Page 7] | ||
393 | |||
394 | Internet-Draft The GNU Name System July 2019 | ||
395 | |||
396 | |||
397 | SVC the 16-bit service value of the boxed record, i.e. the port | 416 | SVC the 16-bit service value of the boxed record, i.e. the port |
398 | number. In network byte order. | 417 | number. In network byte order. |
399 | 418 | ||
@@ -422,6 +441,15 @@ Internet-Draft The GNU Name System July 2019 | |||
422 | q := SHA512 (zk_h) | 441 | q := SHA512 (zk_h) |
423 | 442 | ||
424 | We use a hash-based key derivation function (HKDF) as defined in | 443 | We use a hash-based key derivation function (HKDF) as defined in |
444 | |||
445 | |||
446 | |||
447 | |||
448 | Schanzenbach, et al. Expires 24 January 2020 [Page 8] | ||
449 | |||
450 | Internet-Draft The GNU Name System July 2019 | ||
451 | |||
452 | |||
425 | [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC- | 453 | [RFC5869]. We use HMAC-SHA512 for the extraction phase and HMAC- |
426 | SHA256 for the expansion phase. | 454 | SHA256 for the expansion phase. |
427 | 455 | ||
@@ -443,13 +471,6 @@ Internet-Draft The GNU Name System July 2019 | |||
443 | zk_h is a 256-bit public key derived from the zone key "zk" using | 471 | zk_h is a 256-bit public key derived from the zone key "zk" using |
444 | the keying material "h". | 472 | the keying material "h". |
445 | 473 | ||
446 | |||
447 | |||
448 | Schanzenbach, et al. Expires 24 January 2020 [Page 8] | ||
449 | |||
450 | Internet-Draft The GNU Name System July 2019 | ||
451 | |||
452 | |||
453 | L is the prime-order subgroup as defined in Section 2. | 474 | L is the prime-order subgroup as defined in Section 2. |
454 | 475 | ||
455 | q Is the 512-bit DHT key under which the resource records block is | 476 | q Is the 512-bit DHT key under which the resource records block is |
@@ -470,6 +491,21 @@ Internet-Draft The GNU Name System July 2019 | |||
470 | refresh publication. A GNS resource records block has the following | 491 | refresh publication. A GNS resource records block has the following |
471 | format: | 492 | format: |
472 | 493 | ||
494 | |||
495 | |||
496 | |||
497 | |||
498 | |||
499 | |||
500 | |||
501 | |||
502 | |||
503 | |||
504 | Schanzenbach, et al. Expires 24 January 2020 [Page 9] | ||
505 | |||
506 | Internet-Draft The GNU Name System July 2019 | ||
507 | |||
508 | |||
473 | 0 8 16 24 32 40 48 56 | 509 | 0 8 16 24 32 40 48 56 |
474 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 510 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
475 | | SIGNATURE | | 511 | | SIGNATURE | |
@@ -495,17 +531,10 @@ Internet-Draft The GNU Name System July 2019 | |||
495 | / | | 531 | / | |
496 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 532 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
497 | 533 | ||
498 | Figure 7 | 534 | Figure 8 |
499 | 535 | ||
500 | where: | 536 | where: |
501 | 537 | ||
502 | |||
503 | |||
504 | Schanzenbach, et al. Expires 24 January 2020 [Page 9] | ||
505 | |||
506 | Internet-Draft The GNU Name System July 2019 | ||
507 | |||
508 | |||
509 | SIGNATURE A 512-bit ECDSA deterministic signature compliant with | 538 | SIGNATURE A 512-bit ECDSA deterministic signature compliant with |
510 | [RFC6979]. The signature is computed over the data following the | 539 | [RFC6979]. The signature is computed over the data following the |
511 | PUBLIC KEY field. The signature is created using the derived | 540 | PUBLIC KEY field. The signature is created using the derived |
@@ -526,6 +555,13 @@ Internet-Draft The GNU Name System July 2019 | |||
526 | PURPOSE A 32-bit signature purpose flag. This field MUST be 15 (in | 555 | PURPOSE A 32-bit signature purpose flag. This field MUST be 15 (in |
527 | network byte order). | 556 | network byte order). |
528 | 557 | ||
558 | |||
559 | |||
560 | Schanzenbach, et al. Expires 24 January 2020 [Page 10] | ||
561 | |||
562 | Internet-Draft The GNU Name System July 2019 | ||
563 | |||
564 | |||
529 | EXPIRATION Specifies when the resource records block expires and the | 565 | EXPIRATION Specifies when the resource records block expires and the |
530 | encrypted block SHOULD be removed from the DHT and caches as it is | 566 | encrypted block SHOULD be removed from the DHT and caches as it is |
531 | likely stale. However, applications MAY continue to use non- | 567 | likely stale. However, applications MAY continue to use non- |
@@ -546,22 +582,6 @@ Internet-Draft The GNU Name System July 2019 | |||
546 | set RDATA into the BDATA field of a GNS record block. The wire | 582 | set RDATA into the BDATA field of a GNS record block. The wire |
547 | format of the RDATA looks as follows: | 583 | format of the RDATA looks as follows: |
548 | 584 | ||
549 | |||
550 | |||
551 | |||
552 | |||
553 | |||
554 | |||
555 | |||
556 | |||
557 | |||
558 | |||
559 | |||
560 | Schanzenbach, et al. Expires 24 January 2020 [Page 10] | ||
561 | |||
562 | Internet-Draft The GNU Name System July 2019 | ||
563 | |||
564 | |||
565 | 0 8 16 24 32 40 48 56 | 585 | 0 8 16 24 32 40 48 56 |
566 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 586 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
567 | | RR COUNT | EXPIRA- / | 587 | | RR COUNT | EXPIRA- / |
@@ -586,10 +606,18 @@ Internet-Draft The GNU Name System July 2019 | |||
586 | / PADDING / | 606 | / PADDING / |
587 | / / | 607 | / / |
588 | 608 | ||
589 | Figure 8 | 609 | Figure 9 |
590 | 610 | ||
591 | where: | 611 | where: |
592 | 612 | ||
613 | |||
614 | |||
615 | |||
616 | Schanzenbach, et al. Expires 24 January 2020 [Page 11] | ||
617 | |||
618 | Internet-Draft The GNU Name System July 2019 | ||
619 | |||
620 | |||
593 | RR COUNT A 32-bit value containing the number of variable-length | 621 | RR COUNT A 32-bit value containing the number of variable-length |
594 | resource records which are following after this field in network | 622 | resource records which are following after this field in network |
595 | byte order. | 623 | byte order. |
@@ -609,15 +637,6 @@ Internet-Draft The GNU Name System July 2019 | |||
609 | then use "zk_h" to compute "q" which is the query for the DHT. Upon | 637 | then use "zk_h" to compute "q" which is the query for the DHT. Upon |
610 | receiving a block from the DHT, the receiver first checks that the | 638 | receiving a block from the DHT, the receiver first checks that the |
611 | PUBLIC KEY field matches "zk_h". Then, the client MUST verify the | 639 | PUBLIC KEY field matches "zk_h". Then, the client MUST verify the |
612 | |||
613 | |||
614 | |||
615 | |||
616 | Schanzenbach, et al. Expires 24 January 2020 [Page 11] | ||
617 | |||
618 | Internet-Draft The GNU Name System July 2019 | ||
619 | |||
620 | |||
621 | signature. These steps are mandatory to prevent record spoofing and | 640 | signature. These steps are mandatory to prevent record spoofing and |
622 | MUST be performed before decryption. | 641 | MUST be performed before decryption. |
623 | 642 | ||
@@ -639,6 +658,22 @@ Internet-Draft The GNU Name System July 2019 | |||
639 | "K" into a 256-bit AES [RFC3826] key and a 256-bit TWOFISH [TWOFISH] | 658 | "K" into a 256-bit AES [RFC3826] key and a 256-bit TWOFISH [TWOFISH] |
640 | key: | 659 | key: |
641 | 660 | ||
661 | |||
662 | |||
663 | |||
664 | |||
665 | |||
666 | |||
667 | |||
668 | |||
669 | |||
670 | |||
671 | |||
672 | Schanzenbach, et al. Expires 24 January 2020 [Page 12] | ||
673 | |||
674 | Internet-Draft The GNU Name System July 2019 | ||
675 | |||
676 | |||
642 | 0 8 16 24 32 40 48 56 | 677 | 0 8 16 24 32 40 48 56 |
643 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 678 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
644 | | AES KEY | | 679 | | AES KEY | |
@@ -652,7 +687,7 @@ Internet-Draft The GNU Name System July 2019 | |||
652 | | | | 687 | | | |
653 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 688 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
654 | 689 | ||
655 | Figure 9 | 690 | Figure 10 |
656 | 691 | ||
657 | Similarly, we divide "IV" into a 128-bit initialization vector and a | 692 | Similarly, we divide "IV" into a 128-bit initialization vector and a |
658 | 128-bit initialization vector: | 693 | 128-bit initialization vector: |
@@ -666,15 +701,7 @@ Internet-Draft The GNU Name System July 2019 | |||
666 | | | | 701 | | | |
667 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 702 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
668 | 703 | ||
669 | 704 | Figure 11 | |
670 | |||
671 | |||
672 | Schanzenbach, et al. Expires 24 January 2020 [Page 12] | ||
673 | |||
674 | Internet-Draft The GNU Name System July 2019 | ||
675 | |||
676 | |||
677 | Figure 10 | ||
678 | 705 | ||
679 | The keys and IVs are used for a CFB128-AES-256 and CFB128-TWOFISH-256 | 706 | The keys and IVs are used for a CFB128-AES-256 and CFB128-TWOFISH-256 |
680 | chained symmetric cipher. Both ciphers are used in Cipher FeedBack | 707 | chained symmetric cipher. Both ciphers are used in Cipher FeedBack |
@@ -694,6 +721,15 @@ Internet-Draft The GNU Name System July 2019 | |||
694 | 721 | ||
695 | TODO | 722 | TODO |
696 | 723 | ||
724 | |||
725 | |||
726 | |||
727 | |||
728 | Schanzenbach, et al. Expires 24 January 2020 [Page 13] | ||
729 | |||
730 | Internet-Draft The GNU Name System July 2019 | ||
731 | |||
732 | |||
697 | 6.1. Entry Zone | 733 | 6.1. Entry Zone |
698 | 734 | ||
699 | There are three sources from which the entry zone can be determined: | 735 | There are three sources from which the entry zone can be determined: |
@@ -723,13 +759,6 @@ Internet-Draft The GNU Name System July 2019 | |||
723 | The following represents a test vector for a record of type MX with a | 759 | The following represents a test vector for a record of type MX with a |
724 | priority of 10 and the mail hostname mail.example.com. | 760 | priority of 10 and the mail hostname mail.example.com. |
725 | 761 | ||
726 | |||
727 | |||
728 | Schanzenbach, et al. Expires 24 January 2020 [Page 13] | ||
729 | |||
730 | Internet-Draft The GNU Name System July 2019 | ||
731 | |||
732 | |||
733 | label := "mail" | 762 | label := "mail" |
734 | 763 | ||
735 | d := | 764 | d := |
@@ -749,6 +778,14 @@ Internet-Draft The GNU Name System July 2019 | |||
749 | f2dbf7930be76fb9 | 778 | f2dbf7930be76fb9 |
750 | 5e7c80b1416f8ca6 | 779 | 5e7c80b1416f8ca6 |
751 | dc50ce8e1fb759b9 | 780 | dc50ce8e1fb759b9 |
781 | |||
782 | |||
783 | |||
784 | Schanzenbach, et al. Expires 24 January 2020 [Page 14] | ||
785 | |||
786 | Internet-Draft The GNU Name System July 2019 | ||
787 | |||
788 | |||
752 | fedcdcf546c17e9b | 789 | fedcdcf546c17e9b |
753 | 4c4f23632855c053 | 790 | 4c4f23632855c053 |
754 | 6668e9f684f4dc33 | 791 | 6668e9f684f4dc33 |
@@ -778,14 +815,6 @@ Internet-Draft The GNU Name System July 2019 | |||
778 | 815 | ||
779 | AES_IV := | 816 | AES_IV := |
780 | a808b929bc9fad7a | 817 | a808b929bc9fad7a |
781 | |||
782 | |||
783 | |||
784 | Schanzenbach, et al. Expires 24 January 2020 [Page 14] | ||
785 | |||
786 | Internet-Draft The GNU Name System July 2019 | ||
787 | |||
788 | |||
789 | 686bbe3432bed77a | 818 | 686bbe3432bed77a |
790 | 819 | ||
791 | TWOFISH_KEY := | 820 | TWOFISH_KEY := |
@@ -805,6 +834,14 @@ Internet-Draft The GNU Name System July 2019 | |||
805 | 000a046d61696c07 Priority (10) |4 | mail | 7 | 834 | 000a046d61696c07 Priority (10) |4 | mail | 7 |
806 | 6578616d706c6503 example | 3 | 835 | 6578616d706c6503 example | 3 |
807 | 636f6d0000000000 com | \0 | Followed by | 836 | 636f6d0000000000 com | \0 | Followed by |
837 | |||
838 | |||
839 | |||
840 | Schanzenbach, et al. Expires 24 January 2020 [Page 15] | ||
841 | |||
842 | Internet-Draft The GNU Name System July 2019 | ||
843 | |||
844 | |||
808 | 0000000000000000 24 bytes of padding to 2^6 | 845 | 0000000000000000 24 bytes of padding to 2^6 |
809 | 0000000000000000 | 846 | 0000000000000000 |
810 | 00000000 | 847 | 00000000 |
@@ -835,13 +872,6 @@ Internet-Draft The GNU Name System July 2019 | |||
835 | 001fd19a6406a721 | 872 | 001fd19a6406a721 |
836 | 713f0a0d | 873 | 713f0a0d |
837 | 874 | ||
838 | |||
839 | |||
840 | Schanzenbach, et al. Expires 24 January 2020 [Page 15] | ||
841 | |||
842 | Internet-Draft The GNU Name System July 2019 | ||
843 | |||
844 | |||
845 | 11. Normative References | 875 | 11. Normative References |
846 | 876 | ||
847 | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | 877 | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", |
@@ -861,6 +891,13 @@ Internet-Draft The GNU Name System July 2019 | |||
861 | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | 891 | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November |
862 | 2003, <https://www.rfc-editor.org/info/rfc3629>. | 892 | 2003, <https://www.rfc-editor.org/info/rfc3629>. |
863 | 893 | ||
894 | |||
895 | |||
896 | Schanzenbach, et al. Expires 24 January 2020 [Page 16] | ||
897 | |||
898 | Internet-Draft The GNU Name System July 2019 | ||
899 | |||
900 | |||
864 | [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The | 901 | [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The |
865 | Advanced Encryption Standard (AES) Cipher Algorithm in the | 902 | Advanced Encryption Standard (AES) Cipher Algorithm in the |
866 | SNMP User-based Security Model", RFC 3826, | 903 | SNMP User-based Security Model", RFC 3826, |
@@ -890,14 +927,6 @@ Internet-Draft The GNU Name System July 2019 | |||
890 | for Security", RFC 7748, DOI 10.17487/RFC7748, January | 927 | for Security", RFC 7748, DOI 10.17487/RFC7748, January |
891 | 2016, <https://www.rfc-editor.org/info/rfc7748>. | 928 | 2016, <https://www.rfc-editor.org/info/rfc7748>. |
892 | 929 | ||
893 | |||
894 | |||
895 | |||
896 | Schanzenbach, et al. Expires 24 January 2020 [Page 16] | ||
897 | |||
898 | Internet-Draft The GNU Name System July 2019 | ||
899 | |||
900 | |||
901 | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital | 930 | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital |
902 | Signature Algorithm (EdDSA)", RFC 8032, | 931 | Signature Algorithm (EdDSA)", RFC 8032, |
903 | DOI 10.17487/RFC8032, January 2017, | 932 | DOI 10.17487/RFC8032, January 2017, |
@@ -917,6 +946,14 @@ Authors' Addresses | |||
917 | Email: schanzen@gnunet.org | 946 | Email: schanzen@gnunet.org |
918 | 947 | ||
919 | 948 | ||
949 | |||
950 | |||
951 | |||
952 | Schanzenbach, et al. Expires 24 January 2020 [Page 17] | ||
953 | |||
954 | Internet-Draft The GNU Name System July 2019 | ||
955 | |||
956 | |||
920 | Christian Grothoff | 957 | Christian Grothoff |
921 | Berner Fachhochschule | 958 | Berner Fachhochschule |
922 | Hoeheweg 80 | 959 | Hoeheweg 80 |
@@ -949,4 +986,23 @@ Authors' Addresses | |||
949 | 986 | ||
950 | 987 | ||
951 | 988 | ||
952 | Schanzenbach, et al. Expires 24 January 2020 [Page 17] | 989 | |
990 | |||
991 | |||
992 | |||
993 | |||
994 | |||
995 | |||
996 | |||
997 | |||
998 | |||
999 | |||
1000 | |||
1001 | |||
1002 | |||
1003 | |||
1004 | |||
1005 | |||
1006 | |||
1007 | |||
1008 | Schanzenbach, et al. Expires 24 January 2020 [Page 18] | ||
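--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -345,6 +345,32 @@
 <xref target="RFC3492" />.
 </t>
 </section>
+<section anchor="gnsrecords_nick" numbered="true" toc="default">
+<name>NICK</name>
+<t>Nickname records can be used by zone administrators to publish an
+indication on what label this zone prefers to be referred to.
+This is a suggestion to other zones what label to use when creating a
+PKEY <xref target="gnsrecords_pkey" /> record containing this zone's
+public zone key.
+A NICK resource record contains an UTF-8 string
+(which is not 0-terminated) representing the preferred label.
+This string may NOT inlcude a ".".
+A NICK DATA entry has the following format:
+</t>
+<figure anchor="figure_nickrecord">
+<artwork name="" type="" align="left" alt=""><![CDATA[
+0 8 16 24 32 40 48 56
++-----+-----+-----+-----+-----+-----+-----+-----+
+| NICKNAME |
+/ /
+/ /
+| |
++-----+-----+-----+-----+-----+-----+-----+-----+
+]]></artwork>
+<!-- <postamble>which is a very simple example.</postamble>-->
+</figure>
+</section>
+
 <section anchor="gnsrecords_box" numbered="true" toc="default">
 <name>BOX</name>
 <t>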
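Review bot: The only constraint placed on the NICKNAME payload, `This string may NOT inlcude a "."` at new line 357, is misspelled and is not RFC 2119 language, so an implementer cannot tell whether a NICK containing a dot is invalid or merely discouraged; since the draft presumably treats `.` as the label separator (not visible in this hunk), it should read `This string MUST NOT include a ".".`. The section also says nothing about what a resolver does with a NICK whose payload breaks that rule or is not valid UTF-8 — the string is explicitly not 0-terminated, so its length presumably comes only from the record data size and a receiver has nothing else to validate against; a sentence such as `Resolvers MUST ignore NICK records whose payload is not valid UTF-8 or contains a "."` would make the failure behaviour deterministic across implementations. Minor: `an UTF-8 string` at new line 355 should be `a UTF-8 string`.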