diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index a9a9689..12f111e 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -1450,6 +1450,18 @@ example.com = zk2 | |||
| 1450 | this document will be issued from time to time to reflect the current | 1450 | this document will be issued from time to time to reflect the current |
| 1451 | best practices in this area. | 1451 | best practices in this area. |
| 1452 | </t> | 1452 | </t> |
| 1453 | <t> | ||
| 1454 | GNS uses ECDSA over Curve25519. This is an unconventional choice, | ||
| 1455 | as ECDSA is usually used with other curves. However, traditional | ||
| 1456 | ECDSA curves are problematic for a range of reasons described in | ||
| 1457 | the Curve25519 and EdDSA papers. Using EdDSA directly is also | ||
| 1458 | not possible, as a hash function is used on the private key which | ||
| 1459 | destroys the linearity that the GNU Name System depends upon. | ||
| 1460 | We are not aware of anyone suggesting that using Curve25519 instead | ||
| 1461 | of another common curve of similar size would lower the security of | ||
| 1462 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) | ||
| 1463 | keys fit into a single DNS label, which is good for usability. | ||
| 1464 | </t> | ||
| 1453 | </section> | 1465 | </section> |
| 1454 | <section anchor="security_abuse" numbered="true" toc="default"> | 1466 | <section anchor="security_abuse" numbered="true" toc="default"> |
| 1455 | <name>Abuse mitigation</name> | 1467 | <name>Abuse mitigation</name> |
| @@ -1468,6 +1480,7 @@ example.com = zk2 | |||
| 1468 | However, the same mechanisms can also be abused in order to impose | 1480 | However, the same mechanisms can also be abused in order to impose |
| 1469 | state censorship, which ist one of the motivations behind GNS. | 1481 | state censorship, which ist one of the motivations behind GNS. |
| 1470 | Hence, such a seizure is, by design, difficult to impossible in GNS. | 1482 | Hence, such a seizure is, by design, difficult to impossible in GNS. |
| 1483 | In particular, GNS does not support WHOIS (<xref target="RFC3912" />). | ||
| 1471 | </t> | 1484 | </t> |
| 1472 | </section> | 1485 | </section> |
| 1473 | <section anchor="security_keymanagement" numbered="true" toc="default"> | 1486 | <section anchor="security_keymanagement" numbered="true" toc="default"> |
| @@ -1475,11 +1488,13 @@ example.com = zk2 | |||
| 1475 | <t> | 1488 | <t> |
| 1476 | In GNS, zone administrators need to manage and protect their zone | 1489 | In GNS, zone administrators need to manage and protect their zone |
| 1477 | keys. Once a zone key is lost it cannot be recovered. Once it is | 1490 | keys. Once a zone key is lost it cannot be recovered. Once it is |
| 1478 | compromised it cannot be revoked (unless a revocation was | 1491 | compromised it cannot be revoked (unless a revocation message was |
| 1479 | pre-calculated and is still available). | 1492 | pre-calculated and is still available). |
| 1480 | Zone administrators, and for GNS this includes end-users, are | 1493 | Zone administrators, and for GNS this includes end-users, are |
| 1481 | required to responsibly and dilligently protect their cryptographic | 1494 | required to responsibly and dilligently protect their cryptographic |
| 1482 | keys. | 1495 | keys. Offline signing is in principle possible, but GNS does not |
| 1496 | support separate zone signing and key-signing keys | ||
| 1497 | (as in <xref target="RFC6781" />) in order to provide usable security. | ||
| 1483 | </t> | 1498 | </t> |
| 1484 | <t> | 1499 | <t> |
| 1485 | Similarly, users are required to manage their local root zone. | 1500 | Similarly, users are required to manage their local root zone. |
| @@ -1519,16 +1534,16 @@ example.com = zk2 | |||
| 1519 | key is lost, compromised or replaced in the furture. | 1534 | key is lost, compromised or replaced in the furture. |
| 1520 | Pre-calculated revocations may become invalid due to expirations | 1535 | Pre-calculated revocations may become invalid due to expirations |
| 1521 | or protocol changes such as epoch adjustments. | 1536 | or protocol changes such as epoch adjustments. |
| 1522 | Conseuquently, implementors and users must make precautions in order | 1537 | Consequently, implementors and users must make precautions in order |
| 1523 | to manage revocations accordingly. | 1538 | to manage revocations accordingly. |
| 1524 | </t> | 1539 | </t> |
| 1525 | <t> | 1540 | <t> |
| 1526 | Revocation payloads do NOT include a 'new' key for key replacement. | 1541 | Revocation payloads do NOT include a 'new' key for key replacement. |
| 1527 | In inclusion of such a key would have two major disadvantages: | 1542 | Inclusion of such a key would have two major disadvantages: |
| 1528 | </t> | 1543 | </t> |
| 1529 | <t> | 1544 | <t> |
| 1530 | If revocation is used after a private key was compromised, | 1545 | If revocation is used after a private key was compromised, |
| 1531 | allowing key replacement would be dangerous, because if an | 1546 | allowing key replacement would be dangerous: if an |
| 1532 | adversary took over the private key, the adversary could then | 1547 | adversary took over the private key, the adversary could then |
| 1533 | broadcast a revocation with a key replacement. For the replacement, | 1548 | broadcast a revocation with a key replacement. For the replacement, |
| 1534 | the compromised owner would have no chance to issue even a | 1549 | the compromised owner would have no chance to issue even a |
| @@ -1552,7 +1567,7 @@ example.com = zk2 | |||
| 1552 | <name>GANA Considerations</name> | 1567 | <name>GANA Considerations</name> |
| 1553 | <t> | 1568 | <t> |
| 1554 | GANA is requested to create an "GNU Name System Record Types" registry. | 1569 | GANA is requested to create an "GNU Name System Record Types" registry. |
| 1555 | The registry shall record for each entry: | 1570 | The registry shall record for each entry: |
| 1556 | </t> | 1571 | </t> |
| 1557 | <ul> | 1572 | <ul> |
| 1558 | <li>Name: The name of the record type (case-insensitive ASCII | 1573 | <li>Name: The name of the record type (case-insensitive ASCII |
| @@ -1581,11 +1596,10 @@ Number | Name | Contact | References | Description | |||
| 1581 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS | 1596 | 65540 | GNS2DNS | N/A | [This.I-D] | Delegation to DNS |
| 1582 | 65541 | BOX | N/A | [This.I-D] | Boxed record | 1597 | 65541 | BOX | N/A | [This.I-D] | Boxed record |
| 1583 | ]]></artwork> | 1598 | ]]></artwork> |
| 1584 | <!-- <postamble>which is a very simple example.</postamble>--> | ||
| 1585 | </figure> | 1599 | </figure> |
| 1586 | 1600 | ||
| 1587 | </section> | 1601 | </section> |
| 1588 | <!-- iana --> | 1602 | <!-- gana --> |
| 1589 | <section> | 1603 | <section> |
| 1590 | <name>Test Vectors</name> | 1604 | <name>Test Vectors</name> |
| 1591 | <t> | 1605 | <t> |
| @@ -1677,9 +1691,11 @@ bEclYC3aE2+fjSDDfRpdnv3gGHMckMceVbgymHZDlfA= | |||
| 1677 | &RFC2119; | 1691 | &RFC2119; |
| 1678 | &RFC3629; | 1692 | &RFC3629; |
| 1679 | &RFC3826; | 1693 | &RFC3826; |
| 1694 | &RFC3912; | ||
| 1680 | &RFC5869; | 1695 | &RFC5869; |
| 1681 | &RFC5890; | 1696 | &RFC5890; |
| 1682 | &RFC5891; | 1697 | &RFC5891; |
| 1698 | &RFC6781; | ||
| 1683 | &RFC6895; | 1699 | &RFC6895; |
| 1684 | &RFC6979; | 1700 | &RFC6979; |
| 1685 | &RFC7748; | 1701 | &RFC7748; |