diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 7dfec74..2d9f75e 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -1425,9 +1425,15 @@ NONCE := HKDF-Expand (PRK_n, label, 128 / 8) | |||
| 1425 | <name>BOX</name> | 1425 | <name>BOX</name> |
| 1426 | <t> | 1426 | <t> |
| 1427 | In GNS, with the notable exception of zTLDs, every "." in a name | 1427 | In GNS, with the notable exception of zTLDs, every "." in a name |
| 1428 | delegates to another zone, and | 1428 | delegates to another zone. Furthermore, |
| 1429 | GNS lookups are expected to return all of the required useful | 1429 | GNS lookups are expected to return all of the required useful |
| 1430 | information in one record set. This is incompatible with the | 1430 | information in one record set. This avoids unnecessary additional |
| 1431 | lookups and cryptographically ties together information that belongs | ||
| 1432 | together, making it impossible for an adversarial storage to provide | ||
| 1433 | partial answers that might omit information critical for security. | ||
| 1434 | </t> | ||
| 1435 | <t> | ||
| 1436 | However, this general strategy of is incompatible with the | ||
| 1431 | special labels used by DNS for SRV and TLSA records. Thus, GNS | 1437 | special labels used by DNS for SRV and TLSA records. Thus, GNS |
| 1432 | defines the BOX record format to box up SRV and TLSA records and | 1438 | defines the BOX record format to box up SRV and TLSA records and |
| 1433 | include them in the record set of the label they are associated | 1439 | include them in the record set of the label they are associated |