Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index a90c318..01b0a05 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -37,13 +37,13 @@ | |||
37 | <?rfc sortrefs="yes" ?> | 37 | <?rfc sortrefs="yes" ?> |
38 | <?rfc compact="yes" ?> | 38 | <?rfc compact="yes" ?> |
39 | <?rfc subcompact="no" ?> | 39 | <?rfc subcompact="no" ?> |
40 | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-20" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3"> | 40 | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-gns-21" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3"> |
41 | <!-- xml2rfc v2v3 conversion 2.26.0 --> | 41 | <!-- xml2rfc v2v3 conversion 2.26.0 --> |
42 | <front> | 42 | <front> |
43 | <title abbrev="The GNU Name System"> | 43 | <title abbrev="The GNU Name System"> |
44 | The GNU Name System | 44 | The GNU Name System |
45 | </title> | 45 | </title> |
46 | <seriesInfo name="Internet-Draft" value="draft-schanzen-gns-20"/> | 46 | <seriesInfo name="Internet-Draft" value="draft-schanzen-gns-21"/> |
47 | <author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach"> | 47 | <author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach"> |
48 | <organization>Fraunhofer AISEC</organization> | 48 | <organization>Fraunhofer AISEC</organization> |
49 | <address> | 49 | <address> |
@@ -2749,16 +2749,20 @@ NICK: john (Supplemental) | |||
2749 | "Single Hierarchy with a Centrally Controlled Root" and | 2749 | "Single Hierarchy with a Centrally Controlled Root" and |
2750 | "Distribution and Management of Root Servers" as raised in | 2750 | "Distribution and Management of Root Servers" as raised in |
2751 | <xref target="RFC8324"/>. | 2751 | <xref target="RFC8324"/>. |
2752 | In the Domain Name System root zone governance is centralized at the | 2752 | In DNS, those issues are a direct result from the centralized root |
2753 | Internet Corporation for Assigned Names and Numbers (ICANN). | 2753 | zone governance at the Internet Corporation for Assigned Names and |
2754 | GNS can be used to leverage the transitivity in the SDSI design to | 2754 | Numbers (ICANN) which allows it to provide globally unique names. |
2755 | replace the trusted root with secure delegation of authority thus | 2755 | </t> |
2756 | making petnames useful to other users while operating under a very | 2756 | <t> |
2757 | strong adversary model. | 2757 | In GNS, start zones give users local authority over their preferred |
2758 | By building on the ideas from SDSI, GNS allows to address a central | 2758 | root zone governance. |
2759 | issue with the decentralized mapping of secure identifiers to memorable | 2759 | It enables users to replace or enhance a trusted root zone |
2760 | names: namely the impossiblity of providing a global, secure and | 2760 | configuration provided by a third party (e.g. the implementer or a |
2761 | memorable mapping without a trusted authority. | 2761 | multi-stakeholder governance body like ICANN) with secure delegation of |
2762 | authority using local petnames while operating under a | ||
2763 | very strong adversary model. | ||
2764 | In combination with zTLDs, this provides users of GNS with a global, | ||
2765 | secure and memorable mapping without a trusted authority. | ||
2762 | </t> | 2766 | </t> |
2763 | <t> | 2767 | <t> |
2764 | Any GNS implementation <bcp14>MAY</bcp14> provide a default | 2768 | Any GNS implementation <bcp14>MAY</bcp14> provide a default |
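Review bot: The added sentence at new lines 2764-2765 states that start zones in combination with zTLDs provide "a global, secure and memorable mapping without a trusted authority", while the removed text at old lines 2760-2761 described exactly that as an impossibility; the paragraph should say which mechanism supplies which property, or otherwise qualify the claim, rather than assert all three at once. Smaller points in the same hunk: "a direct result from" at new line 2752 should read "a direct result of"; the clause "which allows it to provide globally unique names" at new line 2754 needs a preceding comma and a clear referent for "it"; and "It enables users" at new line 2759 follows the plural "start zones". The rewrite also removes both mentions of SDSI, so it is worth checking that the SDSI background is still covered elsewhere in the section.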
@@ -2771,15 +2775,15 @@ NICK: john (Supplemental) | |||
2771 | Technically, the GNS protocol can be used to resolve names in the | 2775 | Technically, the GNS protocol can be used to resolve names in the |
2772 | namespace of the global DNS. | 2776 | namespace of the global DNS. |
2773 | However, this would require the respective governance bodies and | 2777 | However, this would require the respective governance bodies and |
2774 | stakeholders to standardize the use of GNS for this particular use | 2778 | stakeholders (e.g. IETF and ICANN) to standardize the use of GNS for this particular use |
2775 | case and publish their zones accordingly. | 2779 | case. |
2776 | </t> | 2780 | </t> |
2777 | <t> | 2781 | <t> |
2778 | However, this capability means that by definition GNS names may be | 2782 | However, this capability implies that GNS names may be |
2779 | indistinguishable from DNS names in their | 2783 | indistinguishable from DNS names in their |
2780 | respective common display format <xref target="RFC8499"/> or | 2784 | respective common display format <xref target="RFC8499"/> or |
2781 | other special-use domain names <xref target="RFC6761"/> given | 2785 | other special-use domain names <xref target="RFC6761"/> if |
2782 | a local GNS start zone configuration that maps suffixes from the | 2786 | a local start zone configuration maps suffixes from the |
2783 | global DNS to GNS zones. | 2787 | global DNS to GNS zones. |
2784 | For applications, it is then ambiguous which name system should be | 2788 | For applications, it is then ambiguous which name system should be |
2785 | used in order to resolve a given name. | 2789 | used in order to resolve a given name. |
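Review bot: New line 2779 drops "and publish their zones accordingly", so the paragraph now reads as if standardization alone would make names in the DNS namespace resolvable through GNS; keep the publication requirement, for example "to standardize the use of GNS for this particular use case and publish their zones accordingly". New line 2778 is also much longer than the wrapped lines around it and should be re-wrapped, and this paragraph and the one that follows both open with "However,", which reads awkwardly now that the second one has been reworded.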