Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 5094f79..f8cb2fe 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -193,12 +193,15 @@ | |||
193 | Within this document, labels are always assumed to be strings of | 193 | Within this document, labels are always assumed to be strings of |
194 | UTF-8 characters <xref target="RFC8499"/> with a maximum length of | 194 | UTF-8 characters <xref target="RFC8499"/> with a maximum length of |
195 | 63 bytes. Labels MUST be canonicalized using | 195 | 63 bytes. Labels MUST be canonicalized using |
196 | Normalization Form C (NFC) <xref target="Unicode-UAX15"/>. | 196 | Normalization Form C (NFC) <xref target="Unicode-UAX15"/>. |
197 | The empty label is represented using the character "@" (without | 197 | </dd> |
198 | <dt>Apex Label</t> | ||
199 | <dd> | ||
200 | The apex label is represented using the character "@" (without | ||
198 | quotes). | 201 | quotes). |
199 | The empty label is used to publish resource | 202 | The apex label is used to publish resource |
200 | records in a zone that can be resolved without providing a specific | 203 | records in a zone that can be resolved without providing a specific |
201 | label. It is the GNS method provide what is the "zone apex" in DNS | 204 | name. It is the GNS method to provide what is the "zone apex" in DNS |
202 | <xref target="RFC4033"/>. | 205 | <xref target="RFC4033"/>. |
203 | </dd> | 206 | </dd> |
204 | <dt>Name</dt> | 207 | <dt>Name</dt> |
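Review bot: the new term entry at new line 198 opens with `<dt>` but closes with `</t>` (`<dt>Apex Label</t>`), so the definition list is no longer well-formed XML and the draft will not build. Close it with `</dt>`, matching the neighbouring `<dt>Name</dt>` entry.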
@@ -222,7 +225,7 @@ | |||
222 | <dd> | 225 | <dd> |
223 | A GNS zone contains authoritative information (resource records). | 226 | A GNS zone contains authoritative information (resource records). |
224 | A zone is uniquely identified by its zone key. Unlike DNS zones, | 227 | A zone is uniquely identified by its zone key. Unlike DNS zones, |
225 | a GNS zone does not need to have a SOA record under the empty label. | 228 | a GNS zone does not need to have a SOA record under the apex label. |
226 | </dd> | 229 | </dd> |
227 | <dt>Zone Type</dt> | 230 | <dt>Zone Type</dt> |
228 | <dd> | 231 | <dd> |
@@ -908,7 +911,7 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62] | |||
908 | determined to be cryptographically insecure, or if an application has | 911 | determined to be cryptographically insecure, or if an application has |
909 | reasons to not support delegation to DNS for reasons such as complexity | 912 | reasons to not support delegation to DNS for reasons such as complexity |
910 | or security. Zone delegation records MUST NOT be stored and published | 913 | or security. Zone delegation records MUST NOT be stored and published |
911 | under the empty label. | 914 | under the apex label. |
912 | A zone delegation record type value is the same as the respective ztype | 915 | A zone delegation record type value is the same as the respective ztype |
913 | value. | 916 | value. |
914 | The ztype defines the cryptographic primitives for the zone that is | 917 | The ztype defines the cryptographic primitives for the zone that is |
@@ -1486,7 +1489,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1486 | This is a suggestion to other zones what label to use when creating a | 1489 | This is a suggestion to other zones what label to use when creating a |
1487 | delegation record (<xref target="gnsrecords_delegation" />) containing | 1490 | delegation record (<xref target="gnsrecords_delegation" />) containing |
1488 | this zone key. | 1491 | this zone key. |
1489 | This record SHOULD only be stored under the empty label "@" but MAY be | 1492 | This record SHOULD only be stored under the apex label "@" but MAY be |
1490 | returned with record sets under any label as a supplemental record. | 1493 | returned with record sets under any label as a supplemental record. |
1491 | <xref target="nick_processing"/> details how a resolver must process | 1494 | <xref target="nick_processing"/> details how a resolver must process |
1492 | supplemental and non-supplemental NICK records. | 1495 | supplemental and non-supplemental NICK records. |
@@ -1939,7 +1942,7 @@ example.com = zk2 | |||
1939 | In each step of the recursive name resolution, there is an | 1942 | In each step of the recursive name resolution, there is an |
1940 | authoritative zone zk and a name to resolve. The name may be empty. | 1943 | authoritative zone zk and a name to resolve. The name may be empty. |
1941 | Initially, the authoritative zone is the start zone. If the name | 1944 | Initially, the authoritative zone is the start zone. If the name |
1942 | is empty, it is interpreted as the empty label "@". | 1945 | is empty, it is interpreted as the apex label "@". |
1943 | </t> | 1946 | </t> |
1944 | <t> | 1947 | <t> |
1945 | From here, the following steps are recursively executed, in order: | 1948 | From here, the following steps are recursively executed, in order: |
@@ -2097,7 +2100,7 @@ example.com = zk2 | |||
2097 | and provide a consistent security profile for all name resolutions. | 2100 | and provide a consistent security profile for all name resolutions. |
2098 | Such resolvers would return an empty record set upon encountering | 2101 | Such resolvers would return an empty record set upon encountering |
2099 | a GNS2DNS record during the recursion. However, if GNS2DNS records | 2102 | a GNS2DNS record during the recursion. However, if GNS2DNS records |
2100 | are encountered in the record set for the empty label and a GNS2DNS record | 2103 | are encountered in the record set for the apex label and a GNS2DNS record |
2101 | is explicitly requested by the application, such records MUST | 2104 | is explicitly requested by the application, such records MUST |
2102 | still be returned, even if DNS support is disabled by the | 2105 | still be returned, even if DNS support is disabled by the |
2103 | GNS resolver configuration. | 2106 | GNS resolver configuration. |
@@ -2126,7 +2129,7 @@ example.com = zk2 | |||
2126 | delegations under a single label. | 2129 | delegations under a single label. |
2127 | Implementations MAY support any subset of ztypes. | 2130 | Implementations MAY support any subset of ztypes. |
2128 | Handling of | 2131 | Handling of |
2129 | Implementations MUST NOT process zone delegation for the empty | 2132 | Implementations MUST NOT process zone delegation for the apex |
2130 | label "@". Upon encountering a zone delegation record under | 2133 | label "@". Upon encountering a zone delegation record under |
2131 | this label, resolution fails and an error MUST be returned. The | 2134 | this label, resolution fails and an error MUST be returned. The |
2132 | implementation MAY choose not to return the reason for the failure, | 2135 | implementation MAY choose not to return the reason for the failure, |
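Review bot: the context line directly above the changed sentence (new line 2131) is the dangling fragment `Handling of`, so the paragraph now reads "Handling of Implementations MUST NOT process zone delegation for the apex label". Since this normative sentence is being touched anyway, either complete the fragment or drop it in the same change, so that the MUST NOT requirement stands as a clean sentence.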
@@ -2136,7 +2139,7 @@ example.com = zk2 | |||
2136 | If the remainder of the name to resolve is empty and we have | 2139 | If the remainder of the name to resolve is empty and we have |
2137 | received a record set containing only a single delegation record, the | 2140 | received a record set containing only a single delegation record, the |
2138 | recursion is continued with the record value as authoritative zone | 2141 | recursion is continued with the record value as authoritative zone |
2139 | and the empty label "@" as remaining name. | 2142 | and the apex label "@" as remaining name. |
2140 | Except in the case where the desired record type as specified by | 2143 | Except in the case where the desired record type as specified by |
2141 | the client is equal to the ztype, in which case the delegation | 2144 | the client is equal to the ztype, in which case the delegation |
2142 | record is returned. | 2145 | record is returned. |
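Review bot: the sentence beginning `Except in the case where` (new line 2143) is a fragment that only makes sense as a continuation of the sentence this hunk edits, and it describes the one case in which the recursion does not continue with the apex label. Consider folding it into the preceding sentence (for example "..., unless the desired record type is equal to the ztype, in which case the delegation record is returned") so that the exception cannot be read separately from the rule.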
@@ -2170,7 +2173,7 @@ NICK: eve (non-Supplemental) | |||
2170 | <t> | 2173 | <t> |
2171 | In this example, the returned NICK record is non-supplemental. | 2174 | In this example, the returned NICK record is non-supplemental. |
2172 | For the client, this means that the NICK belongs to the zone | 2175 | For the client, this means that the NICK belongs to the zone |
2173 | "alice.example" and is published under the empty label along with an A | 2176 | "alice.example" and is published under the apex label along with an A |
2174 | record. The NICK record should be interpreted as: The zone defined by | 2177 | record. The NICK record should be interpreted as: The zone defined by |
2175 | "alice.example" wants to be referred to as "eve". | 2178 | "alice.example" wants to be referred to as "eve". |
2176 | In contrast, consider the following: | 2179 | In contrast, consider the following: |