diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 50f71cd..1f0ef16 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -2534,7 +2534,9 @@ NICK: john (Supplemental) | |||
2534 | by having the respective domains seized by authorities. | 2534 | by having the respective domains seized by authorities. |
2535 | However, the same mechanisms can also be abused in order to impose | 2535 | However, the same mechanisms can also be abused in order to impose |
2536 | state censorship, which is one of the motivations behind GNS. | 2536 | state censorship, which is one of the motivations behind GNS. |
2537 | Hence, such a seizure is, by design, difficult to impossible in GNS. | 2537 | In GNS, TLDs are not enumerable. By design, the start zone of |
2538 | the resolver is defined locally and hence such a seizure is | ||
2539 | difficult and ineffective in GNS. | ||
2538 | <!--In particular, GNS does not support WHOIS (<xref target="RFC3912" />).--> | 2540 | <!--In particular, GNS does not support WHOIS (<xref target="RFC3912" />).--> |
2539 | </t> | 2541 | </t> |
2540 | </section> | 2542 | </section> |
@@ -2548,7 +2550,8 @@ NICK: john (Supplemental) | |||
2548 | Zone administrators, and for GNS this includes end-users, are | 2550 | Zone administrators, and for GNS this includes end-users, are |
2549 | required to responsibly and diligently protect their cryptographic | 2551 | required to responsibly and diligently protect their cryptographic |
2550 | keys. | 2552 | keys. |
2551 | GNS supports offline signing of records. | 2553 | GNS supports signing records in advance ("offline") in order to |
2554 | support processes which aim to protect private keys such as air gaps. | ||
2552 | <!-- It does not support separate zone signing and key-signing keys | 2555 | <!-- It does not support separate zone signing and key-signing keys |
2553 | (as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer --> | 2556 | (as in <xref target="RFC6781" />) in order to provide usable security. This is not useful for any implementer --> |
2554 | </t> | 2557 | </t> |