1 files changed, 145 insertions, 114 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 9a58ceb..ed50901 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -37,13 +37,13 @@
 <?rfc sortrefs="yes" ?>
 <?rfc compact="yes" ?>
 <?rfc subcompact="no" ?>
-<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-18" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
+<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-19" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
 <!-- xml2rfc v2v3 conversion 2.26.0 -->
 <front>
  <title abbrev="The GNU Name System">
   The GNU Name System
  </title>
-  <seriesInfo name="Internet-Draft" value="draft-schanzen-gns-18"/>
+  <seriesInfo name="Internet-Draft" value="draft-schanzen-gns-19"/>
  <author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">
   <organization>Fraunhofer AISEC</organization>
   <address>
@@ -335,111 +335,142 @@
   </section>
   <section anchor="overview" numbered="true" toc="default">
     <name>Overview</name>
-     <t>
+       <t>
-       GNS exhibits the three properties of a petname system:
+         GNS exhibits the three properties that are commonly used to describe
-     </t>
+         a petname system:
-     <ol>
+       </t>
-       <li>
+       <ol>
-         It provides global names through the concept of zone top-level
+         <li>
-         domains (zTLDs). As zones can be uniquely identified by their zone key
+           Global names through the concept of zone top-level
-         and are statistically unqiue, GNS names with a zTLD suffix are also
+           domains (zTLDs): As zones can be uniquely identified by their zone key
-         globally unique.
+           and are statistically unique, zTLDs are globally unique mappings to zones.
-       </li>
+           Consequently, GNS names with a zTLD suffix are also globally unique.
-       <li>
+           Global GNS names are not human-readable.
-         It provides memorable or "human-readable" names by enabling users to
+         </li>
-         configure local mappings from nicknames to zones.
+         <li>
-         Zone owners can publish their mappings
+           Memorable petnames for zones:
-         in order to enable namespace delegation and facilitate resolution of
+           Users can configure local petnames for zones.
-         memorable names.
+           The petnames serve as zTLD monikers in order to support human-readable
-       </li>
+           names.
-       <li>
+           The petnames may also be published in order to delegate namespaces
-         It provides secure mapping from names to records as zone contents
+           of zones.
-         are signed using blinded private keys and encrypted using derived
+         </li>
-         secret keys.
+         <li>
-       </li>
+           A secure mapping from names to records:
-     </ol>
+           GNS allows zone owners to map petnames to resource records or to
-     <t>
+           delegate authority of the petname to other zones and publish this
-       In GNS, any user can create and manage one or more zones
+           information.
-       (<xref target="zones"/>) as part of a zone master implementation.
+           The mappings are signed and encrypted using keys derived from local
-       The zone type determines the respective set of cryptographic operations
+           labels.
-       and the wire formats for encrypted data, public keys and signatures.
+           When names are resolved, resource records including delegations can
-       A zone can be populated with mappings from labels to resource records by
+           be verified by the implementation.
-       its owner (<xref target="rrecords"/>).
+         </li>
-       A label can be mapped to a delegation record which results in the
+       </ol>
-       corresponding subdomain being delegated to another zone. Circular
+       <t>
-       delegations are explicitly allowed, including delegating a subdomain
+         It follows from the above that GNS does not support names which are
-       to its immediate parent zone.  In
+         simultaneously global, secure and human-readable.
-       order to support (legacy) applications as well as to facilitate the use
+         Instead, names are either global and not human-readable or not globally
-       of petnames, GNS defines auxiliary record types in addition to
+         unique and human-readable.
-       supporting existing DNS records.
+         An example for a global name pointing to the record "example" in
-     </t>
+         a zone is:
-     <t>
+       </t>
-       Zone contents are encrypted and signed
+       <sourcecode>
-       before being published in a key-value storage (<xref target="publish"/>)
+example.000G006K2TJNMD9VTCYRX7BRVV3HAEPS15E6NHDXKPJA1KAJJEG9AFF884
-       as illustrated in <xref target="figure_arch_publish"/>.
+       </sourcecode>
-       In this process, unique zone identification is hidden from the network
+       <t>
-       through the use of key blinding.
+         Now consider the petname "pet" for the example zone
-       Key blinding allows the creation of signatures for zone contents
+         of the name above.
-       using a blinded public/private key pair.
+         The following name would point to the same record as the
-       This blinding is realized using a deterministic key
+         globally unique name above but it is only valid locally:
-       derivation from
+       </t>
-       the original zone key and corresponding private key using record label values
+       <sourcecode>
-       as blinding factors.
+example.pet
-       Specifically, the zone owner can derive blinded private keys for each record
+       </sourcecode>
-       set published under a label, and a
+       <t>
-       resolver can derive the corresponding blinded public keys.
+         The delegation of petnames and subsequent resolution of delegation
-       It is expected that GNS implementations use distributed or decentralized
+         builds on ideas from the Simple Distributed Security Infrastructure
-       storages such as distributed hash tables (DHT) in order to facilitate
+         <xref target="SDSI" />.
-       availability within a network without the need for dedicated infrastructure.
+         In GNS, any user can create and manage one or more zones
-       Specification of such a distributed or decentralized storage is out of
+         (<xref target="zones"/>) as part of a zone master implementation.
-       scope of this document, but possible existing implementations include those
+         The zone type determines the respective set of cryptographic operations
-       based on <xref target="RFC7363" />, <xref target="Kademlia" /> or
+         and the wire formats for encrypted data, public keys and signatures.
-       <xref target="R5N" />.
+         A zone can be populated with mappings from labels to resource records by
-     </t>
+         its owner (<xref target="rrecords"/>).
-     <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones.">
+         A label can be mapped to a delegation record which results in the
-       <artwork name="" type="" align="left" alt=""><![CDATA[
+         corresponding subdomain being delegated to another zone. Circular
-        Local Host     |   Remote        |    Remote Host
+         delegations are explicitly allowed, including delegating a subdomain
-                       |   Storage       |
+         to its immediate parent zone.  In
-                       |                 |
+         order to support (legacy) applications as well as to facilitate the use
-                       |    +---------+  |
+         of petnames, GNS defines auxiliary record types in addition to
-                       |   /         /|  |
+         supporting existing DNS records.
-              Publish  |  +---------+ |  |  Publish
+       </t>
-  +---------+ Records  |  |         | |  |  Records +---------+
+       <t>
-  |  Zone   |----------|->| Record  | |<-|----------|  Zone   |
+         Zone contents are encrypted and signed
-  | Master  |          |  | Storage | |  |          | Master  |
+         before being published in a key-value storage (<xref target="publish"/>)
-  +---------+          |  |         |/   |          +---------+
+         as illustrated in <xref target="figure_arch_publish"/>.
-       A               |  +---------+    |               A
+         In this process, unique zone identification is hidden from the network
-       |               |                 |               |
+         through the use of key blinding.
-    +---------+        |                 |           +---------+
+         Key blinding allows the creation of signatures for zone contents
-   /   |     /|        |                 |          /    |    /|
+         using a blinded public/private key pair.
-  +---------+ |        |                 |         +---------+ |
+         This blinding is realized using a deterministic key
-  |         | |        |                 |         |         | |
+         derivation from
-  |  Local  | |        |                 |         |  Local  | |
+         the original zone key and corresponding private key using record label values
-  |  Zones  | |        |                 |         |  Zones  | |
+         as blinding factors.
-  |         |/         |                 |         |         |/
+         Specifically, the zone owner can derive blinded private keys for each record
-  +---------+          |                 |         +---------+
+         set published under a label, and a
-         ]]></artwork>
+         resolver can derive the corresponding blinded public keys.
-     </figure>
+         It is expected that GNS implementations use distributed or decentralized
-     <t>
+         storages such as distributed hash tables (DHT) in order to facilitate
-       Applications use the resolver to lookup GNS names.
+         availability within a network without the need for dedicated infrastructure.
-       Starting from a configurable start zone, names are resolved by following zone
+         Specification of such a distributed or decentralized storage is out of
-       delegations recursively as illustrated in <xref target="figure_arch_resolv"/>.
+         scope of this document, but possible existing implementations include those
-       For each label in a name, the recursive GNS resolver
+         based on <xref target="RFC7363" />, <xref target="Kademlia" /> or
-       fetches the respective record from the storage layer (<xref target="resolution"/>).
+         <xref target="R5N" />.
-       Without knowledge of the label values and the zone keys, the
+       </t>
-       different derived keys are unlinkable both to the original zone key and to each
+       <figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones.">
-       other.
+         <artwork name="" type="" align="left" alt=""><![CDATA[
-       This prevents zone enumeration (except via impractical online brute
+       Local Host     |   Remote        |    Remote Host
-       force attacks) and requires knowledge
+                      |   Storage       |
-       of both the zone key and the label to confirm affiliation of a
+                      |                 |
-       query or the corresponding encrypted record set with a
+                      |    +---------+  |
-       specific zone. At the same time, the blinded zone key provides
+                      |   /         /|  |
-       resolvers
+             Publish  |  +---------+ |  |  Publish
-       with the ability to verify the integrity of the published information
+ +---------+ Records  |  |         | |  |  Records +---------+
-       without disclosing the originating zone.
+ |  Zone   |----------|->| Record  | |<-|----------|  Zone   |
-     </t>
+ | Master  |          |  | Storage | |  |          | Master  |
-     <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process.">
+ +---------+          |  |         |/   |          +---------+
-       <artwork name="" type="" align="left" alt=""><![CDATA[
+      A               |  +---------+    |               A
+      |               |                 |               |
+   +---------+        |                 |           +---------+
+  /   |     /|        |                 |          /    |    /|
+ +---------+ |        |                 |         +---------+ |
+ |         | |        |                 |         |         | |
+ |  Local  | |        |                 |         |  Local  | |
+ |  Zones  | |        |                 |         |  Zones  | |
+ |         |/         |                 |         |         |/
+ +---------+          |                 |         +---------+
+           ]]></artwork>
+       </figure>
+       <t>
+         Applications use the resolver to lookup GNS names.
+         Starting from a configurable start zone, names are resolved by following zone
+         delegations recursively as illustrated in <xref target="figure_arch_resolv"/>.
+         For each label in a name, the recursive GNS resolver
+         fetches the respective record from the storage layer (<xref target="resolution"/>).
+         Without knowledge of the label values and the zone keys, the
+         different derived keys are unlinkable both to the original zone key and to each
+         other.
+         This prevents zone enumeration (except via impractical online brute
+         force attacks) and requires knowledge
+         of both the zone key and the label to confirm affiliation of a
+         query or the corresponding encrypted record set with a
+         specific zone. At the same time, the blinded zone key provides
+         resolvers
+         with the ability to verify the integrity of the published information
+         without disclosing the originating zone.
+       </t>
+       <figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process.">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
                           Local Host           |   Remote
                                                |   Storage
                                                |
@@ -461,13 +492,13 @@
                     |  Zones  | |              |
                     |         |/               |
                     +---------+                |
-         ]]></artwork>
+           ]]></artwork>
-     </figure>
+       </figure>
-     <t>
+       <t>
-       In the remainder of this document, the "implementer" refers to the developer building
+         In the remainder of this document, the "implementer" refers to the developer building
-       a GNS implementation including the resolver, zone master, and
+         a GNS implementation including the resolver, zone master, and
-       supporting configuration such as start zones (<xref target="governance"/>).
+         supporting configuration such as start zones (<xref target="governance"/>).
-     </t>
+       </t>
   </section>
   <section anchor="zones" numbered="true" toc="default">
     <name>Zones</name>

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9a58ceb..ed50901 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml
@@ -37,13 +37,13 @@
37	<?rfc sortrefs="yes" ?>	37	<?rfc sortrefs="yes" ?>
38	<?rfc compact="yes" ?>	38	<?rfc compact="yes" ?>
39	<?rfc subcompact="no" ?>	39	<?rfc subcompact="no" ?>
40	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-18" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">	40	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-19" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
41	<!-- xml2rfc v2v3 conversion 2.26.0 -->	41	<!-- xml2rfc v2v3 conversion 2.26.0 -->
42	<front>	42	<front>
43	<title abbrev="The GNU Name System">	43	<title abbrev="The GNU Name System">
44	The GNU Name System	44	The GNU Name System
45	</title>	45	</title>
46	<seriesInfo name="Internet-Draft" value="draft-schanzen-gns-18"/>	46	<seriesInfo name="Internet-Draft" value="draft-schanzen-gns-19"/>
47	<author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">	47	<author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">
48	<organization>Fraunhofer AISEC</organization>	48	<organization>Fraunhofer AISEC</organization>
49	<address>	49	<address>
@@ -335,111 +335,142 @@
335	</section>	335	</section>
336	<section anchor="overview" numbered="true" toc="default">	336	<section anchor="overview" numbered="true" toc="default">
337	<name>Overview</name>	337	<name>Overview</name>
338	<t>	338	<t>
339	GNS exhibits the three properties of a petname system:	339	GNS exhibits the three properties that are commonly used to describe
340	</t>	340	a petname system:
341	<ol>	341	</t>
342	<li>	342	<ol>
343	It provides global names through the concept of zone top-level	343	<li>
344	domains (zTLDs). As zones can be uniquely identified by their zone key	344	Global names through the concept of zone top-level
345	and are statistically unqiue, GNS names with a zTLD suffix are also	345	domains (zTLDs): As zones can be uniquely identified by their zone key
346	globally unique.	346	and are statistically unique, zTLDs are globally unique mappings to zones.
347	</li>	347	Consequently, GNS names with a zTLD suffix are also globally unique.
348	<li>	348	Global GNS names are not human-readable.
349	It provides memorable or "human-readable" names by enabling users to	349	</li>
350	configure local mappings from nicknames to zones.	350	<li>
351	Zone owners can publish their mappings	351	Memorable petnames for zones:
352	in order to enable namespace delegation and facilitate resolution of	352	Users can configure local petnames for zones.
353	memorable names.	353	The petnames serve as zTLD monikers in order to support human-readable
354	</li>	354	names.
355	<li>	355	The petnames may also be published in order to delegate namespaces
356	It provides secure mapping from names to records as zone contents	356	of zones.
357	are signed using blinded private keys and encrypted using derived	357	</li>
358	secret keys.	358	<li>
359	</li>	359	A secure mapping from names to records:
360	</ol>	360	GNS allows zone owners to map petnames to resource records or to
361	<t>	361	delegate authority of the petname to other zones and publish this
362	In GNS, any user can create and manage one or more zones	362	information.
363	(<xref target="zones"/>) as part of a zone master implementation.	363	The mappings are signed and encrypted using keys derived from local
364	The zone type determines the respective set of cryptographic operations	364	labels.
365	and the wire formats for encrypted data, public keys and signatures.	365	When names are resolved, resource records including delegations can
366	A zone can be populated with mappings from labels to resource records by	366	be verified by the implementation.
367	its owner (<xref target="rrecords"/>).	367	</li>
368	A label can be mapped to a delegation record which results in the	368	</ol>
369	corresponding subdomain being delegated to another zone. Circular	369	<t>
370	delegations are explicitly allowed, including delegating a subdomain	370	It follows from the above that GNS does not support names which are
371	to its immediate parent zone. In	371	simultaneously global, secure and human-readable.
372	order to support (legacy) applications as well as to facilitate the use	372	Instead, names are either global and not human-readable or not globally
373	of petnames, GNS defines auxiliary record types in addition to	373	unique and human-readable.
374	supporting existing DNS records.	374	An example for a global name pointing to the record "example" in
375	</t>	375	a zone is:
376	<t>	376	</t>
377	Zone contents are encrypted and signed	377	<sourcecode>
378	before being published in a key-value storage (<xref target="publish"/>)	378	example.000G006K2TJNMD9VTCYRX7BRVV3HAEPS15E6NHDXKPJA1KAJJEG9AFF884
379	as illustrated in <xref target="figure_arch_publish"/>.	379	</sourcecode>
380	In this process, unique zone identification is hidden from the network	380	<t>
381	through the use of key blinding.	381	Now consider the petname "pet" for the example zone
382	Key blinding allows the creation of signatures for zone contents	382	of the name above.
383	using a blinded public/private key pair.	383	The following name would point to the same record as the
384	This blinding is realized using a deterministic key	384	globally unique name above but it is only valid locally:
385	derivation from	385	</t>
386	the original zone key and corresponding private key using record label values	386	<sourcecode>
387	as blinding factors.	387	example.pet
388	Specifically, the zone owner can derive blinded private keys for each record	388	</sourcecode>
389	set published under a label, and a	389	<t>
390	resolver can derive the corresponding blinded public keys.	390	The delegation of petnames and subsequent resolution of delegation
391	It is expected that GNS implementations use distributed or decentralized	391	builds on ideas from the Simple Distributed Security Infrastructure
392	storages such as distributed hash tables (DHT) in order to facilitate	392	<xref target="SDSI" />.
393	availability within a network without the need for dedicated infrastructure.	393	In GNS, any user can create and manage one or more zones
394	Specification of such a distributed or decentralized storage is out of	394	(<xref target="zones"/>) as part of a zone master implementation.
395	scope of this document, but possible existing implementations include those	395	The zone type determines the respective set of cryptographic operations
396	based on <xref target="RFC7363" />, <xref target="Kademlia" /> or	396	and the wire formats for encrypted data, public keys and signatures.
397	<xref target="R5N" />.	397	A zone can be populated with mappings from labels to resource records by
398	</t>	398	its owner (<xref target="rrecords"/>).
399	<figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones.">	399	A label can be mapped to a delegation record which results in the
400	<artwork name="" type="" align="left" alt=""><![CDATA[	400	corresponding subdomain being delegated to another zone. Circular
401	Local Host \| Remote \| Remote Host	401	delegations are explicitly allowed, including delegating a subdomain
402	\| Storage \|	402	to its immediate parent zone. In
403	\| \|	403	order to support (legacy) applications as well as to facilitate the use
404	\| +---------+ \|	404	of petnames, GNS defines auxiliary record types in addition to
405	\| / /\| \|	405	supporting existing DNS records.
406	Publish \| +---------+ \| \| Publish	406	</t>
407	+---------+ Records \| \| \| \| \| Records +---------+	407	<t>
408	\| Zone \|----------\|->\| Record \| \|<-\|----------\| Zone \|	408	Zone contents are encrypted and signed
409	\| Master \| \| \| Storage \| \| \| \| Master \|	409	before being published in a key-value storage (<xref target="publish"/>)
410	+---------+ \| \| \|/ \| +---------+	410	as illustrated in <xref target="figure_arch_publish"/>.
411	A \| +---------+ \| A	411	In this process, unique zone identification is hidden from the network
412	\| \| \| \|	412	through the use of key blinding.
413	+---------+ \| \| +---------+	413	Key blinding allows the creation of signatures for zone contents
414	/ \| /\| \| \| / \| /\|	414	using a blinded public/private key pair.
415	+---------+ \| \| \| +---------+ \|	415	This blinding is realized using a deterministic key
416	\| \| \| \| \| \| \| \|	416	derivation from
417	\| Local \| \| \| \| \| Local \| \|	417	the original zone key and corresponding private key using record label values
418	\| Zones \| \| \| \| \| Zones \| \|	418	as blinding factors.
419	\| \|/ \| \| \| \|/	419	Specifically, the zone owner can derive blinded private keys for each record
420	+---------+ \| \| +---------+	420	set published under a label, and a
421	]]></artwork>	421	resolver can derive the corresponding blinded public keys.
422	</figure>	422	It is expected that GNS implementations use distributed or decentralized
423	<t>	423	storages such as distributed hash tables (DHT) in order to facilitate
424	Applications use the resolver to lookup GNS names.	424	availability within a network without the need for dedicated infrastructure.
425	Starting from a configurable start zone, names are resolved by following zone	425	Specification of such a distributed or decentralized storage is out of
426	delegations recursively as illustrated in <xref target="figure_arch_resolv"/>.	426	scope of this document, but possible existing implementations include those
427	For each label in a name, the recursive GNS resolver	427	based on <xref target="RFC7363" />, <xref target="Kademlia" /> or
428	fetches the respective record from the storage layer (<xref target="resolution"/>).	428	<xref target="R5N" />.
429	Without knowledge of the label values and the zone keys, the	429	</t>
430	different derived keys are unlinkable both to the original zone key and to each	430	<figure anchor="figure_arch_publish" title="An example diagram of two hosts publishing GNS zones.">
431	other.	431	<artwork name="" type="" align="left" alt=""><![CDATA[
432	This prevents zone enumeration (except via impractical online brute	432	Local Host \| Remote \| Remote Host
433	force attacks) and requires knowledge	433	\| Storage \|
434	of both the zone key and the label to confirm affiliation of a	434	\| \|
435	query or the corresponding encrypted record set with a	435	\| +---------+ \|
436	specific zone. At the same time, the blinded zone key provides	436	\| / /\| \|
437	resolvers	437	Publish \| +---------+ \| \| Publish
438	with the ability to verify the integrity of the published information	438	+---------+ Records \| \| \| \| \| Records +---------+
439	without disclosing the originating zone.	439	\| Zone \|----------\|->\| Record \| \|<-\|----------\| Zone \|
440	</t>	440	\| Master \| \| \| Storage \| \| \| \| Master \|
441	<figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process.">	441	+---------+ \| \| \|/ \| +---------+
442	<artwork name="" type="" align="left" alt=""><![CDATA[	442	A \| +---------+ \| A
		443	\| \| \| \|
		444	+---------+ \| \| +---------+
		445	/ \| /\| \| \| / \| /\|
		446	+---------+ \| \| \| +---------+ \|
		447	\| \| \| \| \| \| \| \|
		448	\| Local \| \| \| \| \| Local \| \|
		449	\| Zones \| \| \| \| \| Zones \| \|
		450	\| \|/ \| \| \| \|/
		451	+---------+ \| \| +---------+
		452	]]></artwork>
		453	</figure>
		454	<t>
		455	Applications use the resolver to lookup GNS names.
		456	Starting from a configurable start zone, names are resolved by following zone
		457	delegations recursively as illustrated in <xref target="figure_arch_resolv"/>.
		458	For each label in a name, the recursive GNS resolver
		459	fetches the respective record from the storage layer (<xref target="resolution"/>).
		460	Without knowledge of the label values and the zone keys, the
		461	different derived keys are unlinkable both to the original zone key and to each
		462	other.
		463	This prevents zone enumeration (except via impractical online brute
		464	force attacks) and requires knowledge
		465	of both the zone key and the label to confirm affiliation of a
		466	query or the corresponding encrypted record set with a
		467	specific zone. At the same time, the blinded zone key provides
		468	resolvers
		469	with the ability to verify the integrity of the published information
		470	without disclosing the originating zone.
		471	</t>
		472	<figure anchor="figure_arch_resolv" title="High-level view of the GNS resolution process.">
		473	<artwork name="" type="" align="left" alt=""><![CDATA[
443	Local Host \| Remote	474	Local Host \| Remote
444	\| Storage	475	\| Storage
445	\|	476	\|
@@ -461,13 +492,13 @@
461	\| Zones \| \| \|	492	\| Zones \| \| \|
462	\| \|/ \|	493	\| \|/ \|
463	+---------+ \|	494	+---------+ \|
464	]]></artwork>	495	]]></artwork>
465	</figure>	496	</figure>
466	<t>	497	<t>
467	In the remainder of this document, the "implementer" refers to the developer building	498	In the remainder of this document, the "implementer" refers to the developer building
468	a GNS implementation including the resolver, zone master, and	499	a GNS implementation including the resolver, zone master, and
469	supporting configuration such as start zones (<xref target="governance"/>).	500	supporting configuration such as start zones (<xref target="governance"/>).
470	</t>	501	</t>
471	</section>	502	</section>
472	<section anchor="zones" numbered="true" toc="default">	503	<section anchor="zones" numbered="true" toc="default">
473	<name>Zones</name>	504	<name>Zones</name>