Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 96 |
1 files changed, 55 insertions, 41 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 25cd8fb..673db6d 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -135,6 +135,14 @@ | |||
135 | useful to other users while operating under a very strong adversary model. | 135 | useful to other users while operating under a very strong adversary model. |
136 | </t> | 136 | </t> |
137 | <t> | 137 | <t> |
138 | This is an important distinguishing factor from the Domain Name System | ||
139 | where root zone governance is centralized at the Internet Corporation | ||
140 | for Assigned Names and Numbers (ICANN). | ||
141 | In DNS terminology, GNS roughly follows the idea of a hyper-hyper | ||
142 | local root zone deployment, with the difference that it is not | ||
143 | expected that all deployments use the same local root zone. | ||
144 | </t> | ||
145 | <t> | ||
138 | This document defines the normative wire format of resource records, resolution processes, | 146 | This document defines the normative wire format of resource records, resolution processes, |
139 | cryptographic routines and security considerations for use by implementors. | 147 | cryptographic routines and security considerations for use by implementors. |
140 | </t> | 148 | </t> |
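Review bot: "hyper-hyper local root zone" in the relocated paragraph reads like a doubled prefix; the informal DNS term for serving the root zone from the resolver itself is "hyperlocal root" (RFC 8806 describes that setup), so either use that spelling or add an xref to the DNS document the analogy is drawn from so readers can check it. Moving the paragraph from the start-zone section into the introduction is otherwise fine, since the removal hunk later in this patch is a verbatim copy.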
@@ -228,29 +236,29 @@ | |||
228 | blinding zk with different values for the label must result | 236 | blinding zk with different values for the label must result |
229 | in unlinkable different resulting values for zk'. | 237 | in unlinkable different resulting values for zk'. |
230 | </dd> | 238 | </dd> |
231 | <dt>S-Encrypt(zk,label,nonce,expiration,rdata) -> bdata</dt> | 239 | <dt>S-Encrypt(zk,label,nonce,expiration,message) -> ciphertext</dt> |
232 | <dd> | 240 | <dd> |
233 | is a deterministic symmetric encryption function which encrypts the record | 241 | is a deterministic symmetric encryption function which encrypts the record |
234 | data rdata based on key material derived from the public zone key, | 242 | data based on key material derived from the public zone key, |
235 | a label, a nonce and an expiration. | 243 | a label, a nonce and an expiration. |
236 | In order to leverage performance-enhancing caching features of certain | 244 | In order to leverage performance-enhancing caching features of certain |
237 | underlying storages, in particular DHTs, a deterministic encryption | 245 | underlying storages, in particular DHTs, a deterministic encryption |
238 | scheme is recommended. | 246 | scheme is recommended. |
239 | </dd> | 247 | </dd> |
240 | <dt>S-Decrypt(zk,label,nonce,expiration,bdata) -> rdata</dt> | 248 | <dt>S-Decrypt(zk,label,nonce,expiration,ciphertext) -> message</dt> |
241 | <dd> | 249 | <dd> |
242 | is a symmetric encryption function which decrypts the encrypted record | 250 | is a symmetric encryption function which decrypts the encrypted record |
243 | data bdata based on key material derived from the public zone key, | 251 | data based on key material derived from the public zone key, |
244 | a label, a nonce an expiration. | 252 | a label, a nonce an expiration. |
245 | </dd> | 253 | </dd> |
246 | <dt>Sign(d',bdata) -> sig</dt> | 254 | <dt>Sign(d',message) -> signature</dt> |
247 | <dd> | 255 | <dd> |
248 | is a function to sign bdata using the (blinded) private key | 256 | is a function to sign encrypted record data using the (blinded) private |
249 | d', yielding an unforgable cryptographic signature. | 257 | key d', yielding an unforgable cryptographic signature. |
250 | </dd> | 258 | </dd> |
251 | <dt>Verify(zk',bdata,sig) -> valid</dt> | 259 | <dt>Verify(zk',message,signature) -> valid</dt> |
252 | <dd> | 260 | <dd> |
253 | is a function to verify the signature sig was created by | 261 | is a function to verify the signature was created by |
254 | the a private key d' derived from d and a label if | 262 | the a private key d' derived from d and a label if |
255 | zk' was derived from the corresponding zone key | 263 | zk' was derived from the corresponding zone key |
256 | zk := Public-Keygen(d) and same label. | 264 | zk := Public-Keygen(d) and same label. |
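Review bot: the rename from rdata/bdata to message/ciphertext stops at the primitive definitions; Sign and Verify now take a "message", but the description still says the function signs "encrypted record data", and later hunks in this same patch keep BDATA and RDATA as the RRBLOCK field names, so a reader meets three names for the same bytes. Either carry the new names through the block-format and cipher sections, or state here that "message" is the ciphertext plus whatever else the signature covers. Three pre-existing typos in the touched lines should go in the same pass: "a nonce an expiration" is missing an "and", "unforgable" should be "unforgeable", and "the a private key d'" has a stray article.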
@@ -375,7 +383,8 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
375 | </t> | 383 | </t> |
376 | <t> | 384 | <t> |
377 | A GNS resource record holds the data of a specific record in a zone. | 385 | A GNS resource record holds the data of a specific record in a zone. |
378 | The resource record format is defined in <xref target="figure_gnsrecord"/>. | 386 | The resource record format is defined in |
387 | <xref target="figure_gnsrecord"/>. | ||
379 | </t> | 388 | </t> |
380 | <figure anchor="figure_gnsrecord"> | 389 | <figure anchor="figure_gnsrecord"> |
381 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 390 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
@@ -428,9 +437,14 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
428 | </dl> | 437 | </dl> |
429 | <t> | 438 | <t> |
430 | Flags indicate metadata surrounding the resource record. A flag | 439 | Flags indicate metadata surrounding the resource record. A flag |
431 | value of 0 indicates that all flags are unset. <xref target="figure_flag"/> | 440 | value of 0 indicates that all flags are unset. |
441 | Any GNS implementation MUST process all flags which are set in the | ||
442 | FLAGS field. If an implementation encounters a flag which it does not | ||
443 | recognize, the resource record is not valid and MUST be discarded. | ||
444 | <xref target="figure_flag"/> | ||
432 | illustrates the flag distribution in the 32-bit flag value of a | 445 | illustrates the flag distribution in the 32-bit flag value of a |
433 | resource record:</t> | 446 | resource record: |
447 | </t> | ||
434 | <figure anchor="figure_flag"> | 448 | <figure anchor="figure_flag"> |
435 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 449 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
436 | 0 1 2 3 4 5... | 450 | 0 1 2 3 4 5... |
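Review bot: "If an implementation encounters a flag which it does not recognize, the resource record is not valid and MUST be discarded" is fail-closed, which is the right default here, but it means any flag bit assigned later will make older resolvers drop every record that carries it, so a new flag is effectively a wire-format break. State that consequence next to the rule, say whether the unassigned bits are reserved and MUST be zero when publishing, and clarify whether "discarded" applies to the single record or to the whole record set it arrived in, since the resolution section later makes decisions on the set as a unit.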
@@ -482,7 +496,9 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62] | |||
482 | This section defines the initial set of zone delegation record types. | 496 | This section defines the initial set of zone delegation record types. |
483 | Any implementation MUST support at least one of the zone types and | 497 | Any implementation MUST support at least one of the zone types and |
484 | MAY support any number of additional delegation records defined in | 498 | MAY support any number of additional delegation records defined in |
485 | the GNU Name System Record Types registry <xref target="gana"/>. | 499 | the GNU Name System Record Types registry <xref target="gana"/>. |
500 | Zone delegation records MUST NOT be stored and published under the | ||
501 | empty label. | ||
486 | </t> | 502 | </t> |
487 | <section anchor="gnsrecords_pkey" numbered="true" toc="default"> | 503 | <section anchor="gnsrecords_pkey" numbered="true" toc="default"> |
488 | <name>PKEY</name> | 504 | <name>PKEY</name> |
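Review bot: "MUST NOT be stored and published under the empty label" should read "stored or published"; as written the conjunction can be read as forbidding only doing both. The resolver-side rule added at the end of this patch calls the same label the "empty apex label "@""; pick one term, define it once where labels are introduced, and use it in both places so an implementer can pair the publication check with the resolution check.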
@@ -600,8 +616,8 @@ zk' := h mod L * zk | |||
600 | as defined in <xref target="MODES" /> (CTR-AES-256): | 616 | as defined in <xref target="MODES" /> (CTR-AES-256): |
601 | </t> | 617 | </t> |
602 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 618 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
603 | RDATA := CTR-AES256(K, IV, BDATA) | 619 | DATA := CTR-AES256(K, IV, CIPHERTEXT) |
604 | BDATA := CTR-AES256(K, IV, RDATA) | 620 | CIPHERTEXT := CTR-AES256(K, IV, DATA) |
605 | ]]></artwork> | 621 | ]]></artwork> |
606 | <t> | 622 | <t> |
607 | The key K and counter IV are derived from | 623 | The key K and counter IV are derived from |
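Review bot: CTR-AES-256 provides no integrity, so unlike the XSalsa20-Poly1305 variant later in this patch there is no tag on this ciphertext; the text should say explicitly that the integrity of DATA rests entirely on the block signature being verified first, and that an implementation MUST NOT decrypt and use DATA from a block whose signature failed. The new DATA/CIPHERTEXT names also disagree with the RRBLOCK field list, which this same patch leaves as BDATA and "encrypted RDATA", and listing decryption before encryption in the artwork is backwards for a definition.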
@@ -812,15 +828,15 @@ S * G == R + SHA512(R, zk', M) * zk' | |||
812 | (XSalsa20-Poly1305): | 828 | (XSalsa20-Poly1305): |
813 | </t> | 829 | </t> |
814 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 830 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
815 | RDATA := XSalsa20(K, IV, BDATA) | 831 | DATA := XSalsa20(K, IV, CIPHERTEXT) |
816 | BDATA := XSalsa20(K, IV, RDATA) = CIPHERTEXT | TAG | 832 | CIPHERTEXT := XSalsa20(K, IV, DATA) = CIPHERTEXT | TAG |
817 | ]]></artwork> | 833 | ]]></artwork> |
818 | <t> | 834 | <t> |
819 | The result of the XSalsa20 encryption function is the encrypted | 835 | The result of the XSalsa20 encryption function is the encrypted |
820 | ciphertext concatenated with the 128-bit authentication | 836 | ciphertext concatenated with the 128-bit authentication |
821 | tag TAG. | 837 | tag TAG. |
822 | Accordingly, the length of BDATA equals the length of the | 838 | Accordingly, the length of encrypted data equals the length of the |
823 | RDATA plus the 16 bytes of the authentication tag. | 839 | data plus the 16 bytes of the authentication tag. |
824 | </t> | 840 | </t> |
825 | <t> | 841 | <t> |
826 | The key K and counter IV are derived from | 842 | The key K and counter IV are derived from |
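Review bot: "CIPHERTEXT := XSalsa20(K, IV, DATA) = CIPHERTEXT | TAG" now defines CIPHERTEXT in terms of itself; the previous "BDATA := ... = CIPHERTEXT | TAG" was at least well-founded, so give the tagless part its own name (for example "CIPHERTEXT := C | TAG"). More importantly, "DATA := XSalsa20(K, IV, CIPHERTEXT)" reuses the encryption function for decryption, which hides the Poly1305 check; write decryption as a separate operation that verifies TAG and fails, with the record discarded, on mismatch. The reason to choose an AEAD here is precisely that a forged or truncated BDATA is rejected before it is parsed, and the artwork should show that.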
@@ -1128,7 +1144,7 @@ value := GET(key) | |||
1128 | PUT storage procedure in order to update the zone contents. | 1144 | PUT storage procedure in order to update the zone contents. |
1129 | </t> | 1145 | </t> |
1130 | <section anchor="blinding" numbered="true" toc="default"> | 1146 | <section anchor="blinding" numbered="true" toc="default"> |
1131 | <name>Storage Key</name> | 1147 | <name>The Storage Key</name> |
1132 | <t> | 1148 | <t> |
1133 | Given a label, the storage key q is derived as follows: | 1149 | Given a label, the storage key q is derived as follows: |
1134 | </t> | 1150 | </t> |
@@ -1152,7 +1168,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1152 | </dl> | 1168 | </dl> |
1153 | </section> | 1169 | </section> |
1154 | <section anchor="records_block" numbered="true" toc="default"> | 1170 | <section anchor="records_block" numbered="true" toc="default"> |
1155 | <name>Records Block</name> | 1171 | <name>The Records Block (RRBLOCK)</name> |
1156 | <t> | 1172 | <t> |
1157 | GNS records are grouped by their labels and published as a single | 1173 | GNS records are grouped by their labels and published as a single |
1158 | block in the storage. The grouped record sets MAY be paired with any | 1174 | block in the storage. The grouped record sets MAY be paired with any |
@@ -1244,7 +1260,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1244 | </dd> | 1260 | </dd> |
1245 | <dt>BDATA</dt> | 1261 | <dt>BDATA</dt> |
1246 | <dd> | 1262 | <dd> |
1247 | The encrypted resource records with a total size of SIZE - 16. | 1263 | The encrypted RDATA with a total size of SIZE - 16. |
1248 | </dd> | 1264 | </dd> |
1249 | </dl> | 1265 | </dl> |
1250 | <t> | 1266 | <t> |
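Review bot: "The encrypted RDATA with a total size of SIZE - 16" keeps the BDATA/RDATA names that the cipher hunks in this patch renamed to CIPHERTEXT/DATA; settle on one set. It would also help to say where the 16 comes from (which fixed-size fields SIZE counts besides BDATA), and to note that for the XSalsa20-Poly1305 zone type the decrypted RDATA is a further 16 bytes shorter than BDATA because of the authentication tag, so a parser must not assume the plaintext length equals SIZE - 16 for every zone type.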
@@ -1597,15 +1613,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1597 | of the zone owner. However, the choice of start zone(s) is at the sole | 1613 | of the zone owner. However, the choice of start zone(s) is at the sole |
1598 | discretion of the local system administrator or user. | 1614 | discretion of the local system administrator or user. |
1599 | </t> | 1615 | </t> |
1600 | <t> | 1616 | <t> |
1601 | This is an important distinguishing factor from the Domain Name System | ||
1602 | where root zone governance is centralized at the Internet Corporation | ||
1603 | for Assigned Names and Numbers (ICANN). | ||
1604 | In DNS terminology, GNS roughly follows the idea of a hyper-hyper | ||
1605 | local root zone deployment, with the difference that it is not | ||
1606 | expected that all deployments use the same local root zone. | ||
1607 | </t> | ||
1608 | <t> | ||
1609 | In the following, we give examples how a local client resolver SHOULD | 1617 | In the following, we give examples how a local client resolver SHOULD |
1610 | discover the start zone. The process given is not exhaustive and | 1618 | discover the start zone. The process given is not exhaustive and |
1611 | clients MAY supplement it with other mechanisms or ignore it if the | 1619 | clients MAY supplement it with other mechanisms or ignore it if the |
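Review bot: the removed paragraph matches the one added to the introduction verbatim, so this is a clean move, and the section now runs directly from "the choice of start zone(s) is at the sole discretion of the local system administrator or user" into the examples, which reads fine. The only follow-up is that the "hyper-hyper local" wording travels with the paragraph and should be corrected at its new location.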
@@ -1635,11 +1643,11 @@ Example name: www.example.<zTLD> | |||
1635 | Example name: www.example.org | 1643 | Example name: www.example.org |
1636 | Local zones: | 1644 | Local zones: |
1637 | fr = (d0,zk0) | 1645 | fr = (d0,zk0) |
1638 | gnu = (d1,zk1) | 1646 | org = (d1,zk1) |
1639 | com = (d2,zk2) | 1647 | com = (d2,zk2) |
1640 | ... | 1648 | ... |
1641 | => Entry zone: zk1 | 1649 | => Root zone: zk1 |
1642 | => Name to resolve from entry zone: www.example | 1650 | => Name to resolve from root zone: www.example |
1643 | ]]></artwork> | 1651 | ]]></artwork> |
1644 | <t> | 1652 | <t> |
1645 | Finally, additional "suffix-to-zone" mappings MAY be configured. | 1653 | Finally, additional "suffix-to-zone" mappings MAY be configured. |
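Review bot: "Entry zone" becomes "Root zone" in this example, but the unchanged lines just above still say "start zone(s)" and introduce "start zone" discovery, so the document now uses at least two names for the resolver's starting point; pick one and apply it document-wide, including the section name, rather than only in the artwork. Replacing the local zone "gnu" with "org" is a good change, because the example then shows a locally managed zone shadowing a DNS TLD, which is exactly the property the start-zone rules need to make explicit.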
@@ -1648,9 +1656,10 @@ com = (d2,zk2) | |||
1648 | The suffix MAY consist of multiple GNS labels concatenated with a | 1656 | The suffix MAY consist of multiple GNS labels concatenated with a |
1649 | ".". If multiple suffixes match the name to resolve, the longest | 1657 | ".". If multiple suffixes match the name to resolve, the longest |
1650 | matching suffix MUST be used. The suffix length of two results | 1658 | matching suffix MUST be used. The suffix length of two results |
1651 | cannot be equal, as this would indicate a misconfiguration. | 1659 | MUST NOT be equal. This indicates a misconfiguration and the |
1652 | If both a locally managed zone and a configuration entry exist | 1660 | implementation MUST return an error. |
1653 | for the same suffix, the locally managed zone MUST have priority. | 1661 | If both a locally managed zone and a configuration entry exist |
1662 | for the same suffix, the locally managed zone MUST have priority. | ||
1654 | </t> | 1663 | </t> |
1655 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1664 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1656 | Example name: www.example.org | 1665 | Example name: www.example.org |
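Review bot: "The suffix length of two results MUST NOT be equal" states a requirement on data rather than on an implementation, and the case it describes is narrower than it sounds: two suffixes that both match the same name and have the same length are necessarily the same string, so the only way to reach it is a duplicate suffix in the configuration. Say that directly ("If the same suffix is configured more than once, this is a misconfiguration and the implementation MUST return an error") and state whether the error is raised when the configuration is loaded or only when a name that hits the duplicate is resolved; raising it at load time is safer, since otherwise the duplicate can go unnoticed until a lookup fails.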
@@ -1659,8 +1668,8 @@ gnu = zk0 | |||
1659 | example.org = zk1 | 1668 | example.org = zk1 |
1660 | example.com = zk2 | 1669 | example.com = zk2 |
1661 | ... | 1670 | ... |
1662 | => Entry zone: zk1 | 1671 | => Root zone: zk1 |
1663 | => Name to resolve from entry zone: www | 1672 | => Name to resolve from root zone: www |
1664 | ]]></artwork> | 1673 | ]]></artwork> |
1665 | </section> | 1674 | </section> |
1666 | 1675 | ||
@@ -1700,7 +1709,7 @@ example.com = zk2 | |||
1700 | At this point, we must first determine if we have received a valid | 1709 | At this point, we must first determine if we have received a valid |
1701 | record set in the context of the name we are trying to resolve: | 1710 | record set in the context of the name we are trying to resolve: |
1702 | </t> | 1711 | </t> |
1703 | <ol> | 1712 | <ul> |
1704 | <li> | 1713 | <li> |
1705 | Case 1: | 1714 | Case 1: |
1706 | If the remainder of the name to resolve is empty and the record set | 1715 | If the remainder of the name to resolve is empty and the record set |
@@ -1730,7 +1739,7 @@ example.com = zk2 | |||
1730 | for the record type MUST be considered and possible conversions such as | 1739 | for the record type MUST be considered and possible conversions such as |
1731 | defined in <xref target="vpn_processing" /> MUST be performed. | 1740 | defined in <xref target="vpn_processing" /> MUST be performed. |
1732 | </li> | 1741 | </li> |
1733 | </ol> | 1742 | </ul> |
1734 | <section anchor="delegation_processing" numbered="true" toc="default"> | 1743 | <section anchor="delegation_processing" numbered="true" toc="default"> |
1735 | <name>Zone Delegation Records</name> | 1744 | <name>Zone Delegation Records</name> |
1736 | <t> | 1745 | <t> |
@@ -1748,6 +1757,11 @@ example.com = zk2 | |||
1748 | unknown SHOULD be returned in the error description. The | 1757 | unknown SHOULD be returned in the error description. The |
1749 | implementation MAY choose not to return the reason for the failure, | 1758 | implementation MAY choose not to return the reason for the failure, |
1750 | merely impacting troubleshooting information for the user. | 1759 | merely impacting troubleshooting information for the user. |
1760 | Implementations MUST NOT process zone delegation for the empty | ||
1761 | apex label "@". Upon encountering a zone delegation record under | ||
1762 | this label, resolution fails and an error MUST be returned. The | ||
1763 | implementation MAY choose not to return the reason for the failure, | ||
1764 | merely impacting troubleshooting information for the user. | ||
1751 | </t> | 1765 | </t> |
1752 | <t> | 1766 | <t> |
1753 | If the remainder of the name to resolve is empty and we have | 1767 | If the remainder of the name to resolve is empty and we have |
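Review bot: the sentence "The implementation MAY choose not to return the reason for the failure, merely impacting troubleshooting information for the user" now appears twice in the same paragraph, once for the unknown-delegation case above and once in the added text; keep it once, at the end, covering both failures. The added rule also says "empty apex label "@"" where the publication-side rule earlier in this patch says "empty label"; use one term. Finally, "resolution fails and an error MUST be returned" reads as aborting the whole query; if a record set under that label may legitimately hold other record types alongside the offending delegation, say whether those are still returned or the entire set is rejected.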