Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index e978671..bdea6a2 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -938,7 +938,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
938 | being delegated to. | 938 | being delegated to. |
939 | A zone delegation record payload contains the public key of | 939 | A zone delegation record payload contains the public key of |
940 | the zone to delegate to. | 940 | the zone to delegate to. |
941 | A zone delegation record <bcp14>MUST</bcp14> have the CRTITICAL flag set | 941 | A zone delegation record <bcp14>MUST</bcp14> have the CRITICAL flag set |
942 | and <bcp14>MUST</bcp14> be the only non-supplemental record under a label. | 942 | and <bcp14>MUST</bcp14> be the only non-supplemental record under a label. |
943 | There <bcp14>MAY</bcp14> be inactive records of the same type which have | 943 | There <bcp14>MAY</bcp14> be inactive records of the same type which have |
944 | the SHADOW flag set in order to facilitate smooth key rollovers. | 944 | the SHADOW flag set in order to facilitate smooth key rollovers. |
@@ -1090,7 +1090,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1090 | <t> | 1090 | <t> |
1091 | The key K and counter IV are derived from | 1091 | The key K and counter IV are derived from |
1092 | the record label and the zone key zk using a hash-based key | 1092 | the record label and the zone key zk using a hash-based key |
1093 | derivation function (HDKF) as defined in <xref target="RFC5869" />. | 1093 | derivation function (HKDF) as defined in <xref target="RFC5869" />. |
1094 | SHA-512 <xref target="RFC6234"/> is used for the | 1094 | SHA-512 <xref target="RFC6234"/> is used for the |
1095 | extraction phase and SHA-256 <xref target="RFC6234"/> for the expansion phase. | 1095 | extraction phase and SHA-256 <xref target="RFC6234"/> for the expansion phase. |
1096 | The output keying material is 32 bytes (256 bits) for the symmetric | 1096 | The output keying material is 32 bytes (256 bits) for the symmetric |
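Review bot: on line 1093 the expansion of the acronym is still wrong after the letter swap. RFC 5869 defines HKDF as the HMAC-based Extract-and-Expand Key Derivation Function, so "hash-based key derivation function (HKDF)" should read "HMAC-based key derivation function (HKDF)". Lines 1094-1095 also give SHA-512 for extraction and SHA-256 for expansion, while RFC 5869 parametrizes both phases with a single hash. It would help implementers to state explicitly that the extract and expand steps are invoked separately with different hashes, since a one-call HKDF API that takes a single hash cannot reproduce this derivation.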
@@ -1397,7 +1397,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1397 | Any implementation <bcp14>SHOULD</bcp14> support all redirection record types defined here | 1397 | Any implementation <bcp14>SHOULD</bcp14> support all redirection record types defined here |
1398 | and <bcp14>MAY</bcp14> support any number of additional redirection records defined in | 1398 | and <bcp14>MAY</bcp14> support any number of additional redirection records defined in |
1399 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). | 1399 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). |
1400 | Redirection records <bcp14>MUST</bcp14> have the CRTITICAL flag set. | 1400 | Redirection records <bcp14>MUST</bcp14> have the CRITICAL flag set. |
1401 | Not supporting some record types may consequently result in resolution failures. | 1401 | Not supporting some record types may consequently result in resolution failures. |
1402 | This may be a valid choice if some redirection record types have been | 1402 | This may be a valid choice if some redirection record types have been |
1403 | determined to be insecure, or if an application has reasons to not | 1403 | determined to be insecure, or if an application has reasons to not |
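Review bot: on line 1399, "(see Section <xref target="gana"/>)" renders with a doubled word when gana is a section anchor, because an xml2rfc v3 xref to a section already emits "Section N". Since this paragraph is being touched anyway, drop the literal "Section" and write "(see <xref target="gana"/>)". The CRTITICAL misspelling fixed on line 1400 is the same one fixed on line 941, so a search of the whole file for other copies of the misspelled flag name is worth doing before merging.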
@@ -2023,7 +2023,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2023 | record could not be processed <bcp14>SHOULD</bcp14> be returned in the error | 2023 | record could not be processed <bcp14>SHOULD</bcp14> be returned in the error |
2024 | description. The implementation <bcp14>MAY</bcp14> choose not to return the reason for the failure, | 2024 | description. The implementation <bcp14>MAY</bcp14> choose not to return the reason for the failure, |
2025 | merely complicating troubleshooting for the user. | 2025 | merely complicating troubleshooting for the user. |
2026 | The next steps depend on the context of the name that is beging | 2026 | The next steps depend on the context of the name that is being |
2027 | resolved: | 2027 | resolved: |
2028 | </t> | 2028 | </t> |
2029 | <ul> | 2029 | <ul> |
@@ -2085,7 +2085,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2085 | </t> | 2085 | </t> |
2086 | <t> | 2086 | <t> |
2087 | In order to prevent infinite loops, the resolver <bcp14>MUST</bcp14> | 2087 | In order to prevent infinite loops, the resolver <bcp14>MUST</bcp14> |
2088 | implement loop detections or limit the number of recursive | 2088 | implement loop detection or limit the number of recursive |
2089 | resolution steps. | 2089 | resolution steps. |
2090 | The loop detection <bcp14>MUST</bcp14> be effective even | 2090 | The loop detection <bcp14>MUST</bcp14> be effective even |
2091 | if a REDIRECT found in GNS triggers subsequent GNS lookups via | 2091 | if a REDIRECT found in GNS triggers subsequent GNS lookups via |
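Review bot: lines 2087-2091 leave a gap between the two requirements. The first MUST allows either loop detection or a limit on recursive resolution steps, but the second MUST ("The loop detection MUST be effective even if a REDIRECT found in GNS triggers subsequent GNS lookups ...") only binds the loop-detection option. An implementation that chooses the step limit is not required by this wording to count lookups triggered through a REDIRECT. Suggest phrasing the second sentence so it covers both mechanisms, for example "The loop detection or step limit MUST be effective even if ...".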
@@ -2541,7 +2541,7 @@ NICK: john (Supplemental) | |||
2541 | <section> | 2541 | <section> |
2542 | <name>Name Leakage</name> | 2542 | <name>Name Leakage</name> |
2543 | <t> | 2543 | <t> |
2544 | GNS names are indistiguishable from DNS names or other special-use | 2544 | GNS names are indistinguishable from DNS names or other special-use |
2545 | domain names <xref target="RFC6761"/>. | 2545 | domain names <xref target="RFC6761"/>. |
2546 | This poses a risk when trying to resolve a name through DNS when | 2546 | This poses a risk when trying to resolve a name through DNS when |
2547 | it is actually a GNS name. | 2547 | it is actually a GNS name. |