diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 286 |
1 files changed, 143 insertions, 143 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index e5644bc..2a672c6 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -198,9 +198,9 @@ | |||
198 | list of labels concatenated with a label separator. | 198 | list of labels concatenated with a label separator. |
199 | Names are resolved starting from the rightmost label. | 199 | Names are resolved starting from the rightmost label. |
200 | GNS does not impose length restrictions on names or labels. | 200 | GNS does not impose length restrictions on names or labels. |
201 | However, applications MAY ensure that name and label lengths are | 201 | However, applications <bcp14>MAY</bcp14> ensure that name and label lengths are |
202 | compatible with DNS and in particular IDNA <xref target="RFC5890"/>. | 202 | compatible with DNS and in particular IDNA <xref target="RFC5890"/>. |
203 | In the spirit of <xref target="RFC5895"/>, applications MAY preprocess | 203 | In the spirit of <xref target="RFC5895"/>, applications <bcp14>MAY</bcp14> preprocess |
204 | names and labels to ensure compatibility with DNS or support | 204 | names and labels to ensure compatibility with DNS or support |
205 | specific user expectations, for example according to | 205 | specific user expectations, for example according to |
206 | <xref target="Unicode-UTS46"/>. | 206 | <xref target="Unicode-UTS46"/>. |
@@ -213,7 +213,7 @@ | |||
213 | The apex label, label separator and the extension label have | 213 | The apex label, label separator and the extension label have |
214 | special purposes in the resolution protocol which are defined | 214 | special purposes in the resolution protocol which are defined |
215 | in the rest of the document. | 215 | in the rest of the document. |
216 | Zone administrators MAY disallow certain labels that may be easily | 216 | Zone administrators <bcp14>MAY</bcp14> disallow certain labels that may be easily |
217 | confused with other labels through registration policies. | 217 | confused with other labels through registration policies. |
218 | </dd> | 218 | </dd> |
219 | <dt>Apex Label</dt> | 219 | <dt>Apex Label</dt> |
@@ -228,7 +228,7 @@ | |||
228 | <dt>Extension Label</dt> | 228 | <dt>Extension Label</dt> |
229 | <dd> | 229 | <dd> |
230 | If a name ends with the extension label the rest of the name | 230 | If a name ends with the extension label the rest of the name |
231 | MUST be interpreted relative to the current zone in the resolution process. | 231 | <bcp14>MUST</bcp14> be interpreted relative to the current zone in the resolution process. |
232 | The primary use for this is in redirections where the redirection | 232 | The primary use for this is in redirections where the redirection |
233 | target is defined relative to the authoritative zone of the redirection | 233 | target is defined relative to the authoritative zone of the redirection |
234 | record (<xref target="gnsrecords_redirect"/>). | 234 | record (<xref target="gnsrecords_redirect"/>). |
@@ -377,7 +377,7 @@ | |||
377 | Each zone can be represented by a Zone Top-Level Domain (zTLD) string. | 377 | Each zone can be represented by a Zone Top-Level Domain (zTLD) string. |
378 | </t> | 378 | </t> |
379 | <t> | 379 | <t> |
380 | A implementation SHOULD enable the user to create and manage zones. | 380 | A implementation <bcp14>SHOULD</bcp14> enable the user to create and manage zones. |
381 | If this functionality is not implemented, names can still be resolved | 381 | If this functionality is not implemented, names can still be resolved |
382 | if zone keys for the initial step in the name resolution are available | 382 | if zone keys for the initial step in the name resolution are available |
383 | (see <xref target="resolution"/>). | 383 | (see <xref target="resolution"/>). |
@@ -390,7 +390,7 @@ | |||
390 | The ztype determines which cryptosystem is used for the | 390 | The ztype determines which cryptosystem is used for the |
391 | asymmetric and symmetric key operations of the zone and the format of | 391 | asymmetric and symmetric key operations of the zone and the format of |
392 | the delegation record type. | 392 | the delegation record type. |
393 | Any ztype MUST define the following set of cryptographic functions: | 393 | Any ztype <bcp14>MUST</bcp14> define the following set of cryptographic functions: |
394 | </t> | 394 | </t> |
395 | <dl> | 395 | <dl> |
396 | <dt>KeyGen() -> d, zk</dt> | 396 | <dt>KeyGen() -> d, zk</dt> |
@@ -502,7 +502,7 @@ ztype||zkey := Base32GNS-Decode(zTLD) | |||
502 | <t> | 502 | <t> |
503 | The zTLD can be used as-is as a rightmost label in a GNS name. | 503 | The zTLD can be used as-is as a rightmost label in a GNS name. |
504 | If an application wants to ensure DNS compatibility of the name, | 504 | If an application wants to ensure DNS compatibility of the name, |
505 | it MAY also represent the zTLD as follows: | 505 | it <bcp14>MAY</bcp14> also represent the zTLD as follows: |
506 | If the zTLD is less than or equal to 63 characters, it can | 506 | If the zTLD is less than or equal to 63 characters, it can |
507 | be used as a zTLD as-is. | 507 | be used as a zTLD as-is. |
508 | If the zTLD is longer than 63 characters, the | 508 | If the zTLD is longer than 63 characters, the |
@@ -512,7 +512,7 @@ ztype||zkey := Base32GNS-Decode(zTLD) | |||
512 | the least significant bytes in the leftmost label of the resulting string. This allows the | 512 | the least significant bytes in the leftmost label of the resulting string. This allows the |
513 | resolver to determine the ztype and zTLD length from the rightmost | 513 | resolver to determine the ztype and zTLD length from the rightmost |
514 | label and to subsequently determine how many labels the zTLD should span. | 514 | label and to subsequently determine how many labels the zTLD should span. |
515 | A GNS implementation MUST support the division of zTLD in DNS compatible | 515 | A GNS implementation <bcp14>MUST</bcp14> support the division of zTLD in DNS compatible |
516 | label lengths. | 516 | label lengths. |
517 | For example, assuming a zTLD of 130 characters, a viable division | 517 | For example, assuming a zTLD of 130 characters, a viable division |
518 | would be: | 518 | would be: |
@@ -525,9 +525,9 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
525 | <section anchor="revocation" numbered="true" toc="default"> | 525 | <section anchor="revocation" numbered="true" toc="default"> |
526 | <name>Zone Revocation</name> | 526 | <name>Zone Revocation</name> |
527 | <t> | 527 | <t> |
528 | In order to revoke a zone key, a signed revocation message MUST be | 528 | In order to revoke a zone key, a signed revocation message <bcp14>MUST</bcp14> be |
529 | published. | 529 | published. |
530 | This message MUST be signed using the private key. | 530 | This message <bcp14>MUST</bcp14> be signed using the private key. |
531 | The revocation message is broadcast to the network. | 531 | The revocation message is broadcast to the network. |
532 | The specification of the broadcast mechanism is out of scope for this | 532 | The specification of the broadcast mechanism is out of scope for this |
533 | document. | 533 | document. |
@@ -536,9 +536,9 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
536 | Alternatively, revocation messages could also be distributed via a | 536 | Alternatively, revocation messages could also be distributed via a |
537 | distributed ledger or a trusted central server. | 537 | distributed ledger or a trusted central server. |
538 | To prevent | 538 | To prevent |
539 | flooding attacks, the revocation message MUST contain a proof of work | 539 | flooding attacks, the revocation message <bcp14>MUST</bcp14> contain a proof of work |
540 | (PoW). | 540 | (PoW). |
541 | The revocation message including the PoW MAY be calculated | 541 | The revocation message including the PoW <bcp14>MAY</bcp14> be calculated |
542 | ahead of time to support timely revocation. | 542 | ahead of time to support timely revocation. |
543 | </t> | 543 | </t> |
544 | <t> | 544 | <t> |
@@ -675,24 +675,24 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
675 | <dd> | 675 | <dd> |
676 | denotes the relative 64-bit time to live of the record in | 676 | denotes the relative 64-bit time to live of the record in |
677 | microseconds also in network byte order. | 677 | microseconds also in network byte order. |
678 | The field SHOULD be set to EPOCH * 1.1. | 678 | The field <bcp14>SHOULD</bcp14> be set to EPOCH * 1.1. |
679 | If the average number of leading zeros D' is larger than | 679 | If the average number of leading zeros D' is larger than |
680 | D, then the field value MAY be increased up to | 680 | D, then the field value <bcp14>MAY</bcp14> be increased up to |
681 | (D'-D) * EPOCH * 1.1. | 681 | (D'-D) * EPOCH * 1.1. |
682 | The EPOCH is extended by | 682 | The EPOCH is extended by |
683 | 10% in order to deal with unsynchronized clocks. | 683 | 10% in order to deal with unsynchronized clocks. |
684 | This field is informational for a verifier. | 684 | This field is informational for a verifier. |
685 | A verifier MAY discard a revocation without | 685 | A verifier <bcp14>MAY</bcp14> discard a revocation without |
686 | checking the POW values or the signature if the TTL (in combination with TIMESTAMP) | 686 | checking the POW values or the signature if the TTL (in combination with TIMESTAMP) |
687 | indicates that the revocation has already expired. | 687 | indicates that the revocation has already expired. |
688 | The actual validity period of the | 688 | The actual validity period of the |
689 | revocation MUST be determined by examining the leading zeroes in the | 689 | revocation <bcp14>MUST</bcp14> be determined by examining the leading zeroes in the |
690 | POW values. | 690 | POW values. |
691 | </dd> | 691 | </dd> |
692 | <dt>POW_i</dt> | 692 | <dt>POW_i</dt> |
693 | <dd> | 693 | <dd> |
694 | The values calculated as part of the PoW, in network byte order. | 694 | The values calculated as part of the PoW, in network byte order. |
695 | Each POW_i MUST be unique in the set of POW values. | 695 | Each POW_i <bcp14>MUST</bcp14> be unique in the set of POW values. |
696 | To facilitate fast verification | 696 | To facilitate fast verification |
697 | of uniqueness, the POW values must be given in strictly | 697 | of uniqueness, the POW values must be given in strictly |
698 | monotonically increasing order in the message. | 698 | monotonically increasing order in the message. |
@@ -747,7 +747,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
747 | <dt>PURPOSE</dt> | 747 | <dt>PURPOSE</dt> |
748 | <dd> | 748 | <dd> |
749 | A 32-bit signature purpose flag. | 749 | A 32-bit signature purpose flag. |
750 | The value of this field MUST be 3. | 750 | The value of this field <bcp14>MUST</bcp14> be 3. |
751 | The value is encoded in network byte order. | 751 | The value is encoded in network byte order. |
752 | It defines the context in which | 752 | It defines the context in which |
753 | the signature is created so that it cannot be reused in other parts | 753 | the signature is created so that it cannot be reused in other parts |
@@ -767,14 +767,14 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
767 | <dd>Field as defined in the revocation message above.</dd> | 767 | <dd>Field as defined in the revocation message above.</dd> |
768 | </dl> | 768 | </dl> |
769 | <t> | 769 | <t> |
770 | In order to verify a revocation the following steps MUST be taken: | 770 | In order to verify a revocation the following steps <bcp14>MUST</bcp14> be taken: |
771 | </t> | 771 | </t> |
772 | <ol> | 772 | <ol> |
773 | <li>The signature MUST be verified against the zone key.</li> | 773 | <li>The signature <bcp14>MUST</bcp14> be verified against the zone key.</li> |
774 | <li>The set of POW values MUST NOT contain duplicates which MUST be checked by verifying that the values are strictly monotonically increasing.</li> | 774 | <li>The set of POW values <bcp14>MUST</bcp14> NOT contain duplicates which <bcp14>MUST</bcp14> be checked by verifying that the values are strictly monotonically increasing.</li> |
775 | <li>The average number of leading zeroes D' resulting from the provided | 775 | <li>The average number of leading zeroes D' resulting from the provided |
776 | POW values MUST be greater than and not equal to D. Implementers | 776 | POW values <bcp14>MUST</bcp14> be greater than and not equal to D. Implementers |
777 | MUST NOT use an integer data type to calculate or represent D'.</li> | 777 | <bcp14>MUST</bcp14> NOT use an integer data type to calculate or represent D'.</li> |
778 | <li> | 778 | <li> |
779 | The validity period of the revocation is calculated as | 779 | The validity period of the revocation is calculated as |
780 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by | 780 | (D'-D) * EPOCH * 1.1. The EPOCH is extended by |
@@ -782,11 +782,11 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
782 | The validity period added on top of the TIMESTAMP yields the | 782 | The validity period added on top of the TIMESTAMP yields the |
783 | expiration date. | 783 | expiration date. |
784 | Should the verifier calculate the validity and find that it differs from | 784 | Should the verifier calculate the validity and find that it differs from |
785 | the TTL field value, the verifier MUST continue and | 785 | the TTL field value, the verifier <bcp14>MUST</bcp14> continue and |
786 | use the calculated value when forwarding the revocation. | 786 | use the calculated value when forwarding the revocation. |
787 | </li> | 787 | </li> |
788 | <li>The current time SHOULD be between TIMESTAMP and | 788 | <li>The current time <bcp14>SHOULD</bcp14> be between TIMESTAMP and |
789 | TIMESTAMP + validity period. Implementations MAY process the revocation without validating this.</li> | 789 | TIMESTAMP + validity period. Implementations <bcp14>MAY</bcp14> process the revocation without validating this.</li> |
790 | </ol> | 790 | </ol> |
791 | </section> | 791 | </section> |
792 | 792 | ||
@@ -795,7 +795,7 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
795 | <section anchor="rrecords" numbered="true" toc="default"> | 795 | <section anchor="rrecords" numbered="true" toc="default"> |
796 | <name>Resource Records</name> | 796 | <name>Resource Records</name> |
797 | <t> | 797 | <t> |
798 | A GNS implementation SHOULD provide a mechanism to create and manage local | 798 | A GNS implementation <bcp14>SHOULD</bcp14> provide a mechanism to create and manage local |
799 | zones as well as a persistence mechanism such as a database for resource | 799 | zones as well as a persistence mechanism such as a database for resource |
800 | records. | 800 | records. |
801 | A new local zone is established by selecting a zone type and creating a | 801 | A new local zone is established by selecting a zone type and creating a |
@@ -859,11 +859,11 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
859 | </dl> | 859 | </dl> |
860 | <t> | 860 | <t> |
861 | Flags indicate metadata surrounding the resource record. | 861 | Flags indicate metadata surrounding the resource record. |
862 | Applications creating resource records MUST set all bits which are | 862 | Applications creating resource records <bcp14>MUST</bcp14> set all bits which are |
863 | not defined as a flag to 0. Additional flags may be defined in | 863 | not defined as a flag to 0. Additional flags may be defined in |
864 | future protocol versions. | 864 | future protocol versions. |
865 | If an application or implementation encounters a flag which it does not | 865 | If an application or implementation encounters a flag which it does not |
866 | recognize, it MUST be ignored. | 866 | recognize, it <bcp14>MUST</bcp14> be ignored. |
867 | Any combination of the flags specified below are valid. | 867 | Any combination of the flags specified below are valid. |
868 | <xref target="figure_flag"/> | 868 | <xref target="figure_flag"/> |
869 | illustrates the flag distribution in the 16-bit flag field of a | 869 | illustrates the flag distribution in the 16-bit flag field of a |
@@ -882,12 +882,12 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
882 | <dd> | 882 | <dd> |
883 | If this flag is set, it indicates that processing is critical. | 883 | If this flag is set, it indicates that processing is critical. |
884 | Implementations that do not support the record type or are otherwise | 884 | Implementations that do not support the record type or are otherwise |
885 | unable to process the record MUST abort resolution upon encountering | 885 | unable to process the record <bcp14>MUST</bcp14> abort resolution upon encountering |
886 | the record in the resolution process. | 886 | the record in the resolution process. |
887 | </dd> | 887 | </dd> |
888 | <dt>SHADOW</dt> | 888 | <dt>SHADOW</dt> |
889 | <dd> | 889 | <dd> |
890 | If this flag is set, this record MUST be ignored by resolvers unless all (other) | 890 | If this flag is set, this record <bcp14>MUST</bcp14> be ignored by resolvers unless all (other) |
891 | records of the same record type have expired. Used to allow zone publishers to | 891 | records of the same record type have expired. Used to allow zone publishers to |
892 | facilitate good performance when records change by allowing them to put future | 892 | facilitate good performance when records change by allowing them to put future |
893 | values of records into the storage. | 893 | values of records into the storage. |
@@ -906,14 +906,14 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
906 | <name>Zone Delegation Records</name> | 906 | <name>Zone Delegation Records</name> |
907 | <t> | 907 | <t> |
908 | This section defines the initial set of zone delegation record types. | 908 | This section defines the initial set of zone delegation record types. |
909 | Any implementation SHOULD support all zone types defined here and | 909 | Any implementation <bcp14>SHOULD</bcp14> support all zone types defined here and |
910 | MAY support any number of additional delegation records defined in | 910 | <bcp14>MAY</bcp14> support any number of additional delegation records defined in |
911 | the GNU Name System Record Types registry (see <xref target="gana"/>). | 911 | the GNU Name System Record Types registry (see <xref target="gana"/>). |
912 | Not supporting some zone types will result in resolution failures in case | 912 | Not supporting some zone types will result in resolution failures in case |
913 | the respective zone type is encountered. | 913 | the respective zone type is encountered. |
914 | This may be a valid choice if some zone delegation record types have been | 914 | This may be a valid choice if some zone delegation record types have been |
915 | determined to be cryptographically insecure. | 915 | determined to be cryptographically insecure. |
916 | Zone delegation records MUST NOT be stored and published | 916 | Zone delegation records <bcp14>MUST</bcp14> NOT be stored and published |
917 | under the apex label. | 917 | under the apex label. |
918 | A zone delegation record type value is the same as the respective ztype | 918 | A zone delegation record type value is the same as the respective ztype |
919 | value. | 919 | value. |
@@ -921,8 +921,8 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] | |||
921 | being delegated to. | 921 | being delegated to. |
922 | A zone delegation record payload contains the public key of | 922 | A zone delegation record payload contains the public key of |
923 | the zone to delegate to. | 923 | the zone to delegate to. |
924 | A zone delegation record MUST have the CRTITICAL flag set. | 924 | A zone delegation record <bcp14>MUST</bcp14> have the CRTITICAL flag set. |
925 | A zone delegation record MUST be the only record under a label. | 925 | A zone delegation record <bcp14>MUST</bcp14> be the only record under a label. |
926 | No other records are allowed. | 926 | No other records are allowed. |
927 | </t> | 927 | </t> |
928 | <section anchor="gnsrecords_pkey" numbered="true" toc="default"> | 928 | <section anchor="gnsrecords_pkey" numbered="true" toc="default"> |
@@ -1227,13 +1227,13 @@ ZKDF-Public(zk,label): | |||
1227 | return zk' | 1227 | return zk' |
1228 | ]]></artwork> | 1228 | ]]></artwork> |
1229 | <t> | 1229 | <t> |
1230 | Implementers SHOULD employ a constant time scalar | 1230 | Implementers <bcp14>SHOULD</bcp14> employ a constant time scalar |
1231 | multiplication for the constructions above to protect against | 1231 | multiplication for the constructions above to protect against |
1232 | timing attacks. Otherwise, timing attacks may leak private key | 1232 | timing attacks. Otherwise, timing attacks may leak private key |
1233 | material if an attacker can predict when a system starts the | 1233 | material if an attacker can predict when a system starts the |
1234 | publication process. | 1234 | publication process. |
1235 | <!--Also, implementers | 1235 | <!--Also, implementers |
1236 | MUST ensure that the private key a is an ed25519 private key | 1236 | <bcp14>MUST</bcp14> ensure that the private key a is an ed25519 private key |
1237 | and specifically that "a[0] & 7 == 0" holds.--> | 1237 | and specifically that "a[0] & 7 == 0" holds.--> |
1238 | </t> | 1238 | </t> |
1239 | <t> | 1239 | <t> |
@@ -1256,7 +1256,7 @@ ZKDF-Public(zk,label): | |||
1256 | co-factor are integer operations. | 1256 | co-factor are integer operations. |
1257 | </t> | 1257 | </t> |
1258 | <t> | 1258 | <t> |
1259 | The Sign(d,message) and Verify(zk,message,signature) procedures MUST | 1259 | The Sign(d,message) and Verify(zk,message,signature) procedures <bcp14>MUST</bcp14> |
1260 | be implemented as defined in <xref target="RFC8032" />. | 1260 | be implemented as defined in <xref target="RFC8032" />. |
1261 | </t> | 1261 | </t> |
1262 | <t> | 1262 | <t> |
@@ -1265,7 +1265,7 @@ ZKDF-Public(zk,label): | |||
1265 | As the corresponding private key to the derived private scalar d' | 1265 | As the corresponding private key to the derived private scalar d' |
1266 | is not known, it is not possible to deterministically derive the | 1266 | is not known, it is not possible to deterministically derive the |
1267 | signature part R according to <xref target="RFC8032" />. | 1267 | signature part R according to <xref target="RFC8032" />. |
1268 | Instead, signatures MUST be generated as follows for any given | 1268 | Instead, signatures <bcp14>MUST</bcp14> be generated as follows for any given |
1269 | message and private zone key: | 1269 | message and private zone key: |
1270 | A nonce is calculated from the highest 32 bytes of the | 1270 | A nonce is calculated from the highest 32 bytes of the |
1271 | expansion of the private key d and the blinding factor h. | 1271 | expansion of the private key d and the blinding factor h. |
@@ -1374,21 +1374,21 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1374 | <name>Redirection Records</name> | 1374 | <name>Redirection Records</name> |
1375 | <t> | 1375 | <t> |
1376 | Redirect records may be used to redirect resolution. | 1376 | Redirect records may be used to redirect resolution. |
1377 | Any implementation SHOULD support all redirection record types defined here | 1377 | Any implementation <bcp14>SHOULD</bcp14> support all redirection record types defined here |
1378 | and MAY support any number of additional redirection records defined in | 1378 | and <bcp14>MAY</bcp14> support any number of additional redirection records defined in |
1379 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). | 1379 | the GNU Name System Record Types registry (see Section <xref target="gana"/>). |
1380 | Redirection records MUST have the CRTITICAL flag set. | 1380 | Redirection records <bcp14>MUST</bcp14> have the CRTITICAL flag set. |
1381 | Not supporting some record types MAY result in resolution failures. | 1381 | Not supporting some record types <bcp14>MAY</bcp14> result in resolution failures. |
1382 | This MAY BE a valid choice if some redirection record types have been | 1382 | This <bcp14>MAY</bcp14> BE a valid choice if some redirection record types have been |
1383 | determined to be insecure, or if an application has reasons to not | 1383 | determined to be insecure, or if an application has reasons to not |
1384 | support redirection to DNS for reasons such as complexity or security. | 1384 | support redirection to DNS for reasons such as complexity or security. |
1385 | Redirection records MUST NOT be stored and published under the apex label. | 1385 | Redirection records <bcp14>MUST</bcp14> NOT be stored and published under the apex label. |
1386 | </t> | 1386 | </t> |
1387 | <section anchor="gnsrecords_rdr" numbered="true" toc="default"> | 1387 | <section anchor="gnsrecords_rdr" numbered="true" toc="default"> |
1388 | <name>REDIRECT</name> | 1388 | <name>REDIRECT</name> |
1389 | <t> | 1389 | <t> |
1390 | A REDIRECT record is the GNS equivalent of a CNAME record in DNS. | 1390 | A REDIRECT record is the GNS equivalent of a CNAME record in DNS. |
1391 | A REDIRECT record MUST be the only record under a label. | 1391 | A REDIRECT record <bcp14>MUST</bcp14> be the only record under a label. |
1392 | No other records are allowed. | 1392 | No other records are allowed. |
1393 | Details on processing of this record is defined in <xref target="redirect_processing"/>. | 1393 | Details on processing of this record is defined in <xref target="redirect_processing"/>. |
1394 | 1394 | ||
@@ -1424,8 +1424,8 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1424 | The resource record contains a DNS name for the resolver to continue with | 1424 | The resource record contains a DNS name for the resolver to continue with |
1425 | in DNS followed by a DNS server. Both names are in the format defined in | 1425 | in DNS followed by a DNS server. Both names are in the format defined in |
1426 | <xref target="RFC1034" /> for DNS names. | 1426 | <xref target="RFC1034" /> for DNS names. |
1427 | There MAY be multiple GNS2DNS records under a label. | 1427 | There <bcp14>MAY</bcp14> be multiple GNS2DNS records under a label. |
1428 | There MAY also be DNSSEC DS records or any other records used to | 1428 | There <bcp14>MAY</bcp14> also be DNSSEC DS records or any other records used to |
1429 | secure the connection with the DNS servers under the same label. | 1429 | secure the connection with the DNS servers under the same label. |
1430 | No other record types are allowed in the same record set. | 1430 | No other record types are allowed in the same record set. |
1431 | A GNS2DNS DATA entry is illustrated in <xref target="figure_gns2dnsrecord"/>.</t> | 1431 | A GNS2DNS DATA entry is illustrated in <xref target="figure_gns2dnsrecord"/>.</t> |
@@ -1457,16 +1457,16 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1457 | form or an IPv6 address in colon-hexadecimal form or a DNS name. | 1457 | form or an IPv6 address in colon-hexadecimal form or a DNS name. |
1458 | It may also be a relative GNS name ending with a | 1458 | It may also be a relative GNS name ending with a |
1459 | "+" as the rightmost label. | 1459 | "+" as the rightmost label. |
1460 | The implementation MUST check the string syntactically for | 1460 | The implementation <bcp14>MUST</bcp14> check the string syntactically for |
1461 | an IP address in the respective notation before checking for a | 1461 | an IP address in the respective notation before checking for a |
1462 | relative GNS name. | 1462 | relative GNS name. |
1463 | If all three checks fail, the name MUST be treated as a DNS name. | 1463 | If all three checks fail, the name <bcp14>MUST</bcp14> be treated as a DNS name. |
1464 | The value is UTF-8 encoded and 0-terminated. | 1464 | The value is UTF-8 encoded and 0-terminated. |
1465 | </dd> | 1465 | </dd> |
1466 | </dl> | 1466 | </dl> |
1467 | <t> | 1467 | <t> |
1468 | NOTE: If an application uses DNS names obtained from GNS2DNS records | 1468 | NOTE: If an application uses DNS names obtained from GNS2DNS records |
1469 | in a DNS request they MUST first be converted to an IDNA compliant | 1469 | in a DNS request they <bcp14>MUST</bcp14> first be converted to an IDNA compliant |
1470 | representation <xref target="RFC5890" />. | 1470 | representation <xref target="RFC5890" />. |
1471 | </t> | 1471 | </t> |
1472 | </section> | 1472 | </section> |
@@ -1475,7 +1475,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1475 | <name>Auxiliary Records</name> | 1475 | <name>Auxiliary Records</name> |
1476 | <t> | 1476 | <t> |
1477 | This section defines the initial set of auxiliary GNS record types. Any | 1477 | This section defines the initial set of auxiliary GNS record types. Any |
1478 | implementation SHOULD be able to process the specified record types | 1478 | implementation <bcp14>SHOULD</bcp14> be able to process the specified record types |
1479 | according to <xref target="record_processing"/>. | 1479 | according to <xref target="record_processing"/>. |
1480 | </t> | 1480 | </t> |
1481 | <section anchor="gnsrecords_leho" numbered="true" toc="default"> | 1481 | <section anchor="gnsrecords_leho" numbered="true" toc="default"> |
@@ -1519,7 +1519,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1519 | </dl> | 1519 | </dl> |
1520 | <t> | 1520 | <t> |
1521 | NOTE: If an application uses a LEHO value in an HTTP request header | 1521 | NOTE: If an application uses a LEHO value in an HTTP request header |
1522 | (e.g. "Host:" header) it MUST be converted to an IDNA compliant representation | 1522 | (e.g. "Host:" header) it <bcp14>MUST</bcp14> be converted to an IDNA compliant representation |
1523 | <xref target="RFC5890" />. | 1523 | <xref target="RFC5890" />. |
1524 | </t> | 1524 | </t> |
1525 | </section> | 1525 | </section> |
@@ -1531,7 +1531,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1531 | This is a suggestion to other zones what label to use when creating a | 1531 | This is a suggestion to other zones what label to use when creating a |
1532 | delegation record (<xref target="gnsrecords_delegation" />) containing | 1532 | delegation record (<xref target="gnsrecords_delegation" />) containing |
1533 | this zone key. | 1533 | this zone key. |
1534 | This record SHOULD only be stored under the apex label "@" but MAY be | 1534 | This record <bcp14>SHOULD</bcp14> only be stored under the apex label "@" but <bcp14>MAY</bcp14> be |
1535 | returned with record sets under any label as a supplemental record. | 1535 | returned with record sets under any label as a supplemental record. |
1536 | <xref target="nick_processing"/> details how a resolver must process | 1536 | <xref target="nick_processing"/> details how a resolver must process |
1537 | supplemental and non-supplemental NICK records. | 1537 | supplemental and non-supplemental NICK records. |
@@ -1552,7 +1552,7 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1552 | <dt>NICKNAME</dt> | 1552 | <dt>NICKNAME</dt> |
1553 | <dd> | 1553 | <dd> |
1554 | A UTF-8 string (which is not 0-terminated) representing the preferred | 1554 | A UTF-8 string (which is not 0-terminated) representing the preferred |
1555 | label of the zone. This string MUST be a valid GNS label. | 1555 | label of the zone. This string <bcp14>MUST</bcp14> be a valid GNS label. |
1556 | </dd> | 1556 | </dd> |
1557 | </dl> | 1557 | </dl> |
1558 | </section> | 1558 | </section> |
@@ -1624,9 +1624,9 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
1624 | <t> | 1624 | <t> |
1625 | Any API which allows storing a value under a 512-bit key and retrieving | 1625 | Any API which allows storing a value under a 512-bit key and retrieving |
1626 | one or more values from the key can be used by an implementation for record storage. | 1626 | one or more values from the key can be used by an implementation for record storage. |
1627 | To be useful, the API MUST permit storing at least 176 byte values | 1627 | To be useful, the API <bcp14>MUST</bcp14> permit storing at least 176 byte values |
1628 | to be able to support the defined zone delegation record encodings, | 1628 | to be able to support the defined zone delegation record encodings, |
1629 | and SHOULD allow at least 1024 byte values. | 1629 | and <bcp14>SHOULD</bcp14> allow at least 1024 byte values. |
1630 | In the following, it is assumed that an implementation realizes two | 1630 | In the following, it is assumed that an implementation realizes two |
1631 | procedures on top of a storage: | 1631 | procedures on top of a storage: |
1632 | </t> | 1632 | </t> |
@@ -1639,8 +1639,8 @@ GET(key) -> value | |||
1639 | record would require a revocation of the record. | 1639 | record would require a revocation of the record. |
1640 | In GNS, zones can only be revoked as a whole. Records automatically | 1640 | In GNS, zones can only be revoked as a whole. Records automatically |
1641 | expire and it is under the discretion of the storage as to when to delete | 1641 | expire and it is under the discretion of the storage as to when to delete |
1642 | the record. The GNS implementation MUST NOT publish expired resource | 1642 | the record. The GNS implementation <bcp14>MUST</bcp14> NOT publish expired resource |
1643 | records. Any GNS resolver MUST discard expired records returned from | 1643 | records. Any GNS resolver <bcp14>MUST</bcp14> discard expired records returned from |
1644 | the storage. | 1644 | the storage. |
1645 | </t> | 1645 | </t> |
1646 | <t> | 1646 | <t> |
@@ -1654,7 +1654,7 @@ GET(key) -> value | |||
1654 | ensure query privacy (see <xref target="RFC8324"/>, Section 3.5). | 1654 | ensure query privacy (see <xref target="RFC8324"/>, Section 3.5). |
1655 | The storage key derivation and records | 1655 | The storage key derivation and records |
1656 | block creation is specified in the following sections. | 1656 | block creation is specified in the following sections. |
1657 | The implementation MUST use the PUT storage procedure in order to update | 1657 | The implementation <bcp14>MUST</bcp14> use the PUT storage procedure in order to update |
1658 | the zone contents accordingly. | 1658 | the zone contents accordingly. |
1659 | </t> | 1659 | </t> |
1660 | <section anchor="blinding" numbered="true" toc="default"> | 1660 | <section anchor="blinding" numbered="true" toc="default"> |
@@ -1685,8 +1685,8 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1685 | <name>The Records Block</name> | 1685 | <name>The Records Block</name> |
1686 | <t> | 1686 | <t> |
1687 | GNS records are grouped by their labels and published as a single | 1687 | GNS records are grouped by their labels and published as a single |
1688 | block in the storage. The grouped record sets MAY be paired with any | 1688 | block in the storage. The grouped record sets <bcp14>MAY</bcp14> be paired with any |
1689 | number of supplemental records. Supplemental records MUST have the | 1689 | number of supplemental records. Supplemental records <bcp14>MUST</bcp14> have the |
1690 | supplemental flag set (See <xref target="rrecords"/>). | 1690 | supplemental flag set (See <xref target="rrecords"/>). |
1691 | The contained resource records are encrypted using a symmetric | 1691 | The contained resource records are encrypted using a symmetric |
1692 | encryption scheme. | 1692 | encryption scheme. |
@@ -1726,7 +1726,7 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1726 | A 32-bit value containing the length of the block in bytes. | 1726 | A 32-bit value containing the length of the block in bytes. |
1727 | In network byte order. | 1727 | In network byte order. |
1728 | While a 32-bit value is used, | 1728 | While a 32-bit value is used, |
1729 | implementations MAY refuse to publish blocks beyond a certain | 1729 | implementations <bcp14>MAY</bcp14> refuse to publish blocks beyond a certain |
1730 | size significantly below 4 GB. | 1730 | size significantly below 4 GB. |
1731 | </dd> | 1731 | </dd> |
1732 | <dt>ZONE TYPE</dt> | 1732 | <dt>ZONE TYPE</dt> |
@@ -1751,9 +1751,9 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1751 | <dt>EXPIRATION</dt> | 1751 | <dt>EXPIRATION</dt> |
1752 | <dd> | 1752 | <dd> |
1753 | Specifies when the RRBLOCK expires and the encrypted block | 1753 | Specifies when the RRBLOCK expires and the encrypted block |
1754 | SHOULD be removed from the storage and caches as it is likely stale. | 1754 | <bcp14>SHOULD</bcp14> be removed from the storage and caches as it is likely stale. |
1755 | However, applications MAY continue to use non-expired individual | 1755 | However, applications <bcp14>MAY</bcp14> continue to use non-expired individual |
1756 | records until they expire. The value MUST be set to the | 1756 | records until they expire. The value <bcp14>MUST</bcp14> be set to the |
1757 | expiration time of the resource record contained within this block with the | 1757 | expiration time of the resource record contained within this block with the |
1758 | smallest expiration time. | 1758 | smallest expiration time. |
1759 | If a records block includes shadow records, then the maximum | 1759 | If a records block includes shadow records, then the maximum |
@@ -1797,7 +1797,7 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1797 | <dt>PURPOSE</dt> | 1797 | <dt>PURPOSE</dt> |
1798 | <dd> | 1798 | <dd> |
1799 | A 32-bit signature purpose flag. The value of this | 1799 | A 32-bit signature purpose flag. The value of this |
1800 | field MUST be 15. | 1800 | field <bcp14>MUST</bcp14> be 15. |
1801 | The value is encoded in network byte order. | 1801 | The value is encoded in network byte order. |
1802 | It defines the context in which | 1802 | It defines the context in which |
1803 | the signature is created so that it cannot be reused in other parts | 1803 | the signature is created so that it cannot be reused in other parts |
@@ -1850,15 +1850,15 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1850 | </dd> | 1850 | </dd> |
1851 | <dt>PADDING</dt> | 1851 | <dt>PADDING</dt> |
1852 | <dd> | 1852 | <dd> |
1853 | When publishing an RDATA block, the implementation MUST ensure that | 1853 | When publishing an RDATA block, the implementation <bcp14>MUST</bcp14> ensure that |
1854 | the size of the RDATA is a power of two | 1854 | the size of the RDATA is a power of two |
1855 | using the padding field. The field MUST be set to zero and MUST be | 1855 | using the padding field. The field <bcp14>MUST</bcp14> be set to zero and <bcp14>MUST</bcp14> be |
1856 | ignored on receipt. | 1856 | ignored on receipt. |
1857 | As a special exception, record sets with (only) a zone delegation | 1857 | As a special exception, record sets with (only) a zone delegation |
1858 | record type are never padded. | 1858 | record type are never padded. |
1859 | Note that a record set with a delegation record MUST NOT | 1859 | Note that a record set with a delegation record <bcp14>MUST</bcp14> NOT |
1860 | contain other records. If other records are encountered, the whole | 1860 | contain other records. If other records are encountered, the whole |
1861 | record block MUST be discarded. | 1861 | record block <bcp14>MUST</bcp14> be discarded. |
1862 | </dd> | 1862 | </dd> |
1863 | </dl> | 1863 | </dl> |
1864 | </section> | 1864 | </section> |
@@ -1869,19 +1869,19 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1869 | Names in GNS are resolved by recursively querying the record storage. | 1869 | Names in GNS are resolved by recursively querying the record storage. |
1870 | Recursive in this context means that a resolver does not provide | 1870 | Recursive in this context means that a resolver does not provide |
1871 | intermediate results for a query. | 1871 | intermediate results for a query. |
1872 | Instead, it MUST respond to a resolution request with either the | 1872 | Instead, it <bcp14>MUST</bcp14> respond to a resolution request with either the |
1873 | requested resource record or an error message in case the resolution | 1873 | requested resource record or an error message in case the resolution |
1874 | fails. | 1874 | fails. |
1875 | The following sections detail how resolution is initiated and each | 1875 | The following sections detail how resolution is initiated and each |
1876 | iteration in the resolution is processed. | 1876 | iteration in the resolution is processed. |
1877 | </t> | 1877 | </t> |
1878 | <t> | 1878 | <t> |
1879 | The application MAY provide a desired record type to the resolver. | 1879 | The application <bcp14>MAY</bcp14> provide a desired record type to the resolver. |
1880 | The desired record type is used to guide processing. | 1880 | The desired record type is used to guide processing. |
1881 | For example, if a zone delegation record type is requested, the | 1881 | For example, if a zone delegation record type is requested, the |
1882 | resolution of the apex label in that zone must be skipped, as | 1882 | resolution of the apex label in that zone must be skipped, as |
1883 | the desired record is already found. | 1883 | the desired record is already found. |
1884 | The resolver implementation MUST NOT filter results according to the desired | 1884 | The resolver implementation <bcp14>MUST</bcp14> NOT filter results according to the desired |
1885 | record type. | 1885 | record type. |
1886 | Filtering of record sets is typically done by the application. | 1886 | Filtering of record sets is typically done by the application. |
1887 | </t> | 1887 | </t> |
@@ -1903,19 +1903,19 @@ q := SHA-512 (ZKDF-Public(zk, label)) | |||
1903 | For names ending with a zTLD the start zone is explicitly given in the | 1903 | For names ending with a zTLD the start zone is explicitly given in the |
1904 | suffix of the name to resolve. | 1904 | suffix of the name to resolve. |
1905 | In order to ensure uniqueness of names with zTLDs any | 1905 | In order to ensure uniqueness of names with zTLDs any |
1906 | implementation MUST use the given zone as start zone. | 1906 | implementation <bcp14>MUST</bcp14> use the given zone as start zone. |
1907 | An implementation MUST first try to interpret the rightmost label of | 1907 | An implementation <bcp14>MUST</bcp14> first try to interpret the rightmost label of |
1908 | the given name as the beginning of a zTLD (<xref target="zTLD"/>). | 1908 | the given name as the beginning of a zTLD (<xref target="zTLD"/>). |
1909 | If the rightmost label cannot be (partially) decoded or if it does not | 1909 | If the rightmost label cannot be (partially) decoded or if it does not |
1910 | indicate a supported ztype, the name is treated as a normal name and | 1910 | indicate a supported ztype, the name is treated as a normal name and |
1911 | start zone discovery MUST continue with finding a local suffix-to-zone | 1911 | start zone discovery <bcp14>MUST</bcp14> continue with finding a local suffix-to-zone |
1912 | mapping. | 1912 | mapping. |
1913 | If a valid ztype can be found in the rightmost label, the | 1913 | If a valid ztype can be found in the rightmost label, the |
1914 | implementation MUST try to synthesize and decode the zTLD to retrieve | 1914 | implementation <bcp14>MUST</bcp14> try to synthesize and decode the zTLD to retrieve |
1915 | the start zone key according to <xref target="zTLD"/>. | 1915 | the start zone key according to <xref target="zTLD"/>. |
1916 | If the zTLD cannot be synthesized or decoded, the resolution of | 1916 | If the zTLD cannot be synthesized or decoded, the resolution of |
1917 | the name fails and an error is returned to the application. | 1917 | the name fails and an error is returned to the application. |
1918 | Otherwise, the zone key MUST be used as the start zone: | 1918 | Otherwise, the zone key <bcp14>MUST</bcp14> be used as the start zone: |
1919 | </t> | 1919 | </t> |
1920 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1920 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1921 | Example name: www.example.<zTLD> | 1921 | Example name: www.example.<zTLD> |
@@ -1923,16 +1923,16 @@ Example name: www.example.<zTLD> | |||
1923 | => Name to resolve from start zone: www.example | 1923 | => Name to resolve from start zone: www.example |
1924 | ]]></artwork> | 1924 | ]]></artwork> |
1925 | <t> | 1925 | <t> |
1926 | For names not ending with a zTLD the resolver MUST determine the start | 1926 | For names not ending with a zTLD the resolver <bcp14>MUST</bcp14> determine the start |
1927 | zone through a local suffix-to-zone mapping. | 1927 | zone through a local suffix-to-zone mapping. |
1928 | Suffix-to-zone mappings MUST be configurable through a local | 1928 | Suffix-to-zone mappings <bcp14>MUST</bcp14> be configurable through a local |
1929 | configuration file or database by the user or system administrator. | 1929 | configuration file or database by the user or system administrator. |
1930 | A suffix MAY consist of multiple GNS labels concatenated with a | 1930 | A suffix <bcp14>MAY</bcp14> consist of multiple GNS labels concatenated with a |
1931 | label separator. | 1931 | label separator. |
1932 | If multiple suffixes match the name to resolve, the longest | 1932 | If multiple suffixes match the name to resolve, the longest |
1933 | matching suffix MUST be used. The suffix length of two results | 1933 | matching suffix <bcp14>MUST</bcp14> be used. The suffix length of two results |
1934 | MUST NOT be equal. This indicates a misconfiguration and the | 1934 | <bcp14>MUST</bcp14> NOT be equal. This indicates a misconfiguration and the |
1935 | implementation MUST return an error. | 1935 | implementation <bcp14>MUST</bcp14> return an error. |
1936 | The following is a non-normative example mapping of start zones: | 1936 | The following is a non-normative example mapping of start zones: |
1937 | </t> | 1937 | </t> |
1938 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1938 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
@@ -1946,10 +1946,10 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
1946 | => Name to resolve from start zone: www | 1946 | => Name to resolve from start zone: www |
1947 | ]]></artwork> | 1947 | ]]></artwork> |
1948 | <t> | 1948 | <t> |
1949 | The process given above MAY be supplemented with other mechanisms if | 1949 | The process given above <bcp14>MAY</bcp14> be supplemented with other mechanisms if |
1950 | the particular application requires a different process. | 1950 | the particular application requires a different process. |
1951 | If no start zone can be discovered, resolution MUST fail and an | 1951 | If no start zone can be discovered, resolution <bcp14>MUST</bcp14> fail and an |
1952 | error MUST be returned to the application. | 1952 | error <bcp14>MUST</bcp14> be returned to the application. |
1953 | </t> | 1953 | </t> |
1954 | </section> | 1954 | </section> |
1955 | <section anchor="recursion" numbered="true" toc="default"> | 1955 | <section anchor="recursion" numbered="true" toc="default"> |
@@ -1973,11 +1973,11 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
1973 | </ol> | 1973 | </ol> |
1974 | <t> | 1974 | <t> |
1975 | Upon receiving the RRBLOCK from the storage, as part of verifying the | 1975 | Upon receiving the RRBLOCK from the storage, as part of verifying the |
1976 | provided signature, the resolver MUST check that the SHA-512 hash of the | 1976 | provided signature, the resolver <bcp14>MUST</bcp14> check that the SHA-512 hash of the |
1977 | derived authoritative zone key zk' from the RRBLOCK matches the query q | 1977 | derived authoritative zone key zk' from the RRBLOCK matches the query q |
1978 | and that the block is not yet expired. | 1978 | and that the block is not yet expired. |
1979 | If the signature does not match or the block is expired, the RRBLOCK MUST | 1979 | If the signature does not match or the block is expired, the RRBLOCK <bcp14>MUST</bcp14> |
1980 | be ignored and, if applicable, the storage lookup GET(q) MUST continue to | 1980 | be ignored and, if applicable, the storage lookup GET(q) <bcp14>MUST</bcp14> continue to |
1981 | look for other RRBLOCKs. | 1981 | look for other RRBLOCKs. |
1982 | </t> | 1982 | </t> |
1983 | </section> | 1983 | </section> |
@@ -1987,14 +1987,14 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
1987 | Record processing occurs once a well-formed block has been decrypted. | 1987 | Record processing occurs once a well-formed block has been decrypted. |
1988 | In record processing, only the valid records obtained are considered. | 1988 | In record processing, only the valid records obtained are considered. |
1989 | To filter records by validity, the resolver | 1989 | To filter records by validity, the resolver |
1990 | MUST at least check the expiration time and the FLAGS field of the | 1990 | <bcp14>MUST</bcp14> at least check the expiration time and the FLAGS field of the |
1991 | respective record. In particular, SHADOW and | 1991 | respective record. In particular, SHADOW and |
1992 | SUPPLEMENTAL flags may exclude the record from being considered. | 1992 | SUPPLEMENTAL flags may exclude the record from being considered. |
1993 | If the resolver encounters a record with the CRITICAL flag set and | 1993 | If the resolver encounters a record with the CRITICAL flag set and |
1994 | does not support the record type the resolution MUST be aborted | 1994 | does not support the record type the resolution <bcp14>MUST</bcp14> be aborted |
1995 | and an error MUST be returned. The information that the critical | 1995 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical |
1996 | record could not be processed SHOULD be returned in the error | 1996 | record could not be processed <bcp14>SHOULD</bcp14> be returned in the error |
1997 | description. The implementation MAY choose not to return the reason for the failure, | 1997 | description. The implementation <bcp14>MAY</bcp14> choose not to return the reason for the failure, |
1998 | merely complicating troubleshooting for the user. | 1998 | merely complicating troubleshooting for the user. |
1999 | The next steps depend on the context of the name that is beging | 1999 | The next steps depend on the context of the name that is beging |
2000 | resolved: | 2000 | resolved: |
@@ -2031,13 +2031,13 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2031 | Case 5: | 2031 | Case 5: |
2032 | If the remainder of the name to resolve is empty | 2032 | If the remainder of the name to resolve is empty |
2033 | the record set is the final result. | 2033 | the record set is the final result. |
2034 | If any NICK records are in the final result set, it MUST be | 2034 | If any NICK records are in the final result set, it <bcp14>MUST</bcp14> be |
2035 | processed according to <xref target="nick_processing" />. | 2035 | processed according to <xref target="nick_processing" />. |
2036 | Otherwise, the final result set is returned. | 2036 | Otherwise, the final result set is returned. |
2037 | </li> | 2037 | </li> |
2038 | <li> | 2038 | <li> |
2039 | Finally, if none of the above is applicable resolution fails and the | 2039 | Finally, if none of the above is applicable resolution fails and the |
2040 | resolver MUST return an empty record set. | 2040 | resolver <bcp14>MUST</bcp14> return an empty record set. |
2041 | </li> | 2041 | </li> |
2042 | </ul> | 2042 | </ul> |
2043 | <section anchor="redirect_processing" numbered="true" toc="default"> | 2043 | <section anchor="redirect_processing" numbered="true" toc="default"> |
@@ -2053,14 +2053,14 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2053 | default operating system name resolution process. | 2053 | default operating system name resolution process. |
2054 | This may in turn trigger a GNS name resolution process depending | 2054 | This may in turn trigger a GNS name resolution process depending |
2055 | on the system configuration. | 2055 | on the system configuration. |
2056 | In case resolution continues in DNS, the name MUST first be | 2056 | In case resolution continues in DNS, the name <bcp14>MUST</bcp14> first be |
2057 | converted to an IDNA compliant representation <xref target="RFC5890" />. | 2057 | converted to an IDNA compliant representation <xref target="RFC5890" />. |
2058 | </t> | 2058 | </t> |
2059 | <t> | 2059 | <t> |
2060 | In order to prevent infinite loops, the resolver MUST | 2060 | In order to prevent infinite loops, the resolver <bcp14>MUST</bcp14> |
2061 | implement loop detections or limit the number of recursive | 2061 | implement loop detections or limit the number of recursive |
2062 | resolution steps. | 2062 | resolution steps. |
2063 | The loop detection MUST be effective even | 2063 | The loop detection <bcp14>MUST</bcp14> be effective even |
2064 | if a REDIRECT found in GNS triggers subsequent GNS lookups via | 2064 | if a REDIRECT found in GNS triggers subsequent GNS lookups via |
2065 | the default operating system name resolution process. | 2065 | the default operating system name resolution process. |
2066 | </t> | 2066 | </t> |
@@ -2077,7 +2077,7 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2077 | IP addresses of the specified DNS name servers. | 2077 | IP addresses of the specified DNS name servers. |
2078 | The DNS name may have to be converted to an IDNA compliant | 2078 | The DNS name may have to be converted to an IDNA compliant |
2079 | representation <xref target="RFC5890" /> for resolution in DNS. | 2079 | representation <xref target="RFC5890" /> for resolution in DNS. |
2080 | GNS2DNS records MAY | 2080 | GNS2DNS records <bcp14>MAY</bcp14> |
2081 | contain numeric IPv4 or IPv6 addresses, allowing the resolver to | 2081 | contain numeric IPv4 or IPv6 addresses, allowing the resolver to |
2082 | skip this step. | 2082 | skip this step. |
2083 | The DNS server names may themselves be names in GNS or DNS. | 2083 | The DNS server names may themselves be names in GNS or DNS. |
@@ -2090,16 +2090,16 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2090 | </t> | 2090 | </t> |
2091 | <t> | 2091 | <t> |
2092 | Multiple GNS2DNS records may be stored under the same label, | 2092 | Multiple GNS2DNS records may be stored under the same label, |
2093 | in which case the resolver MUST try all of them. | 2093 | in which case the resolver <bcp14>MUST</bcp14> try all of them. |
2094 | The resolver MAY try them in any order or even in parallel. | 2094 | The resolver <bcp14>MAY</bcp14> try them in any order or even in parallel. |
2095 | If multiple GNS2DNS records are present, the DNS name MUST be | 2095 | If multiple GNS2DNS records are present, the DNS name <bcp14>MUST</bcp14> be |
2096 | identical for all of them, if not the resolution fails and an | 2096 | identical for all of them, if not the resolution fails and an |
2097 | appropriate error is SHOULD be returned to the application. | 2097 | appropriate error is <bcp14>SHOULD</bcp14> be returned to the application. |
2098 | </t> | 2098 | </t> |
2099 | <t> | 2099 | <t> |
2100 | If there are DNSSEC DS records or any other records used to | 2100 | If there are DNSSEC DS records or any other records used to |
2101 | secure the connection with the DNS servers stored under the label, | 2101 | secure the connection with the DNS servers stored under the label, |
2102 | the DNS resolver SHOULD use them to secure the connection with | 2102 | the DNS resolver <bcp14>SHOULD</bcp14> use them to secure the connection with |
2103 | the DNS server. | 2103 | the DNS server. |
2104 | </t> | 2104 | </t> |
2105 | <t> | 2105 | <t> |
@@ -2109,39 +2109,39 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2109 | resolved by querying the DNS name server(s). | 2109 | resolved by querying the DNS name server(s). |
2110 | The synthesized name may have to be converted to an IDNA compliant | 2110 | The synthesized name may have to be converted to an IDNA compliant |
2111 | representation <xref target="RFC5890" /> for resolution in DNS. | 2111 | representation <xref target="RFC5890" /> for resolution in DNS. |
2112 | If such a conversion is not possible, the resolution MUST be aborted | 2112 | If such a conversion is not possible, the resolution <bcp14>MUST</bcp14> be aborted |
2113 | and an error MUST be returned. The information that the critical | 2113 | and an error <bcp14>MUST</bcp14> be returned. The information that the critical |
2114 | record could not be processed SHOULD be returned in the error | 2114 | record could not be processed <bcp14>SHOULD</bcp14> be returned in the error |
2115 | description. The implementation MAY choose not to return the reason for the failure, | 2115 | description. The implementation <bcp14>MAY</bcp14> choose not to return the reason for the failure, |
2116 | merely complicating troubleshooting for the user. | 2116 | merely complicating troubleshooting for the user. |
2117 | </t> | 2117 | </t> |
2118 | <t> | 2118 | <t> |
2119 | As the DNS servers | 2119 | As the DNS servers |
2120 | specified are possibly authoritative DNS servers, the GNS resolver MUST | 2120 | specified are possibly authoritative DNS servers, the GNS resolver <bcp14>MUST</bcp14> |
2121 | support recursive DNS resolution and MUST NOT delegate this to the | 2121 | support recursive DNS resolution and <bcp14>MUST</bcp14> NOT delegate this to the |
2122 | authoritative DNS servers. | 2122 | authoritative DNS servers. |
2123 | The first successful recursive name resolution result | 2123 | The first successful recursive name resolution result |
2124 | is returned to the application. | 2124 | is returned to the application. |
2125 | In addition, the resolver SHOULD return the queried DNS name as a | 2125 | In addition, the resolver <bcp14>SHOULD</bcp14> return the queried DNS name as a |
2126 | supplemental LEHO record (see <xref target="gnsrecords_leho" />) with a | 2126 | supplemental LEHO record (see <xref target="gnsrecords_leho" />) with a |
2127 | relative expiration time of one hour. | 2127 | relative expiration time of one hour. |
2128 | </t> | 2128 | </t> |
2129 | <t> | 2129 | <t> |
2130 | Once the transition from GNS into DNS is made through a | 2130 | Once the transition from GNS into DNS is made through a |
2131 | GNS2DNS record, there is no "going back". | 2131 | GNS2DNS record, there is no "going back". |
2132 | The (possibly recursive) resolution of the DNS name MUST NOT | 2132 | The (possibly recursive) resolution of the DNS name <bcp14>MUST</bcp14> NOT |
2133 | delegate back into GNS and should only follow the DNS specifications. | 2133 | delegate back into GNS and should only follow the DNS specifications. |
2134 | For example, names contained in DNS CNAME records MUST NOT be | 2134 | For example, names contained in DNS CNAME records <bcp14>MUST</bcp14> NOT be |
2135 | interpreted as GNS names. | 2135 | interpreted as GNS names. |
2136 | </t> | 2136 | </t> |
2137 | <t> | 2137 | <t> |
2138 | GNS resolvers SHOULD offer a configuration | 2138 | GNS resolvers <bcp14>SHOULD</bcp14> offer a configuration |
2139 | option to disable DNS processing to avoid information leakage | 2139 | option to disable DNS processing to avoid information leakage |
2140 | and provide a consistent security profile for all name resolutions. | 2140 | and provide a consistent security profile for all name resolutions. |
2141 | Such resolvers would return an empty record set upon encountering | 2141 | Such resolvers would return an empty record set upon encountering |
2142 | a GNS2DNS record during the recursion. However, if GNS2DNS records | 2142 | a GNS2DNS record during the recursion. However, if GNS2DNS records |
2143 | are encountered in the record set for the apex label and a GNS2DNS record | 2143 | are encountered in the record set for the apex label and a GNS2DNS record |
2144 | is explicitly requested by the application, such records MUST | 2144 | is explicitly requested by the application, such records <bcp14>MUST</bcp14> |
2145 | still be returned, even if DNS support is disabled by the | 2145 | still be returned, even if DNS support is disabled by the |
2146 | GNS resolver configuration. | 2146 | GNS resolver configuration. |
2147 | </t> | 2147 | </t> |
@@ -2168,20 +2168,20 @@ example.com = zTLD2 := Base32GNS(ztype2||zk2) | |||
2168 | GNS zone specified in the delegation record. | 2168 | GNS zone specified in the delegation record. |
2169 | </t> | 2169 | </t> |
2170 | <t> | 2170 | <t> |
2171 | Whenever a resolver encounters a new GNS zone, it MUST | 2171 | Whenever a resolver encounters a new GNS zone, it <bcp14>MUST</bcp14> |
2172 | check against the local revocation list whether the respective | 2172 | check against the local revocation list whether the respective |
2173 | zone key has been revoked. If the zone key was revoked, the | 2173 | zone key has been revoked. If the zone key was revoked, the |
2174 | resolution MUST fail with an empty result set. | 2174 | resolution <bcp14>MUST</bcp14> fail with an empty result set. |
2175 | </t> | 2175 | </t> |
2176 | <t> | 2176 | <t> |
2177 | Implementations MUST NOT allow multiple different zone | 2177 | Implementations <bcp14>MUST</bcp14> NOT allow multiple different zone |
2178 | delegations under a single label. | 2178 | delegations under a single label. |
2179 | Implementations MAY support any subset of ztypes. | 2179 | Implementations <bcp14>MAY</bcp14> support any subset of ztypes. |
2180 | Handling of | 2180 | Handling of |
2181 | Implementations MUST NOT process zone delegation for the apex | 2181 | Implementations <bcp14>MUST</bcp14> NOT process zone delegation for the apex |
2182 | label "@". Upon encountering a zone delegation record under | 2182 | label "@". Upon encountering a zone delegation record under |
2183 | this label, resolution fails and an error MUST be returned. The | 2183 | this label, resolution fails and an error <bcp14>MUST</bcp14> be returned. The |
2184 | implementation MAY choose not to return the reason for the failure, | 2184 | implementation <bcp14>MAY</bcp14> choose not to return the reason for the failure, |
2185 | merely impacting troubleshooting information for the user. | 2185 | merely impacting troubleshooting information for the user. |
2186 | </t> | 2186 | </t> |
2187 | <t> | 2187 | <t> |
@@ -2250,7 +2250,7 @@ NICK: john (Supplemental) | |||
2250 | <name>Internationalization and Character Encoding</name> | 2250 | <name>Internationalization and Character Encoding</name> |
2251 | <t> | 2251 | <t> |
2252 | All names in GNS are encoded in UTF-8 <xref target="RFC3629" />. | 2252 | All names in GNS are encoded in UTF-8 <xref target="RFC3629" />. |
2253 | Labels MUST be canonicalized using | 2253 | Labels <bcp14>MUST</bcp14> be canonicalized using |
2254 | Normalization Form C (NFC) <xref target="Unicode-UAX15"/>. | 2254 | Normalization Form C (NFC) <xref target="Unicode-UAX15"/>. |
2255 | This does not include any DNS names found in DNS records, such as CNAME | 2255 | This does not include any DNS names found in DNS records, such as CNAME |
2256 | record data, which is internationalized through the IDNA specifications | 2256 | record data, which is internationalized through the IDNA specifications |
@@ -2263,13 +2263,13 @@ NICK: john (Supplemental) | |||
2263 | <name>Availability</name> | 2263 | <name>Availability</name> |
2264 | <t> | 2264 | <t> |
2265 | In order to ensure availability of records beyond their | 2265 | In order to ensure availability of records beyond their |
2266 | absolute expiration times, implementations MAY allow to locally | 2266 | absolute expiration times, implementations <bcp14>MAY</bcp14> allow to locally |
2267 | define relative expiration time values of records. | 2267 | define relative expiration time values of records. |
2268 | Records can then be published recurringly with updated | 2268 | Records can then be published recurringly with updated |
2269 | absolute expiration times by the implementation. | 2269 | absolute expiration times by the implementation. |
2270 | </t> | 2270 | </t> |
2271 | <t> | 2271 | <t> |
2272 | Implementations MAY allow users to manage private records in | 2272 | Implementations <bcp14>MAY</bcp14> allow users to manage private records in |
2273 | their zones that are not published in the storage. | 2273 | their zones that are not published in the storage. |
2274 | Private records are considered just like | 2274 | Private records are considered just like |
2275 | regular records when resolving labels in local zones, | 2275 | regular records when resolving labels in local zones, |
@@ -2284,11 +2284,11 @@ NICK: john (Supplemental) | |||
2284 | with those algorithms. The security also depends on the engineering | 2284 | with those algorithms. The security also depends on the engineering |
2285 | of the protocol used by the system to ensure that there are no | 2285 | of the protocol used by the system to ensure that there are no |
2286 | non-cryptographic ways to bypass the security of the overall system. | 2286 | non-cryptographic ways to bypass the security of the overall system. |
2287 | This is why developers of applications managing GNS zones SHOULD | 2287 | This is why developers of applications managing GNS zones <bcp14>SHOULD</bcp14> |
2288 | select a default ztype considered secure at the time of | 2288 | select a default ztype considered secure at the time of |
2289 | releasing the software. | 2289 | releasing the software. |
2290 | For applications targeting end users that are not expected to | 2290 | For applications targeting end users that are not expected to |
2291 | understand cryptography, the application developer MUST NOT leave | 2291 | understand cryptography, the application developer <bcp14>MUST</bcp14> NOT leave |
2292 | the ztype selection of new zones to end users. | 2292 | the ztype selection of new zones to end users. |
2293 | </t> | 2293 | </t> |
2294 | <t> | 2294 | <t> |
@@ -2342,24 +2342,24 @@ NICK: john (Supplemental) | |||
2342 | ensured because each time a block is published into the storage, its IV is | 2342 | ensured because each time a block is published into the storage, its IV is |
2343 | unique as the expiration time is calculated dynamically and increases | 2343 | unique as the expiration time is calculated dynamically and increases |
2344 | monotonically with the system time. Still, | 2344 | monotonically with the system time. Still, |
2345 | an implementation MUST ensure that when relative expiration times | 2345 | an implementation <bcp14>MUST</bcp14> ensure that when relative expiration times |
2346 | are decreased, the expiration time of the next record block MUST | 2346 | are decreased, the expiration time of the next record block <bcp14>MUST</bcp14> |
2347 | be after the last published block. | 2347 | be after the last published block. |
2348 | For records where an absolute expiration time is used, the implementation | 2348 | For records where an absolute expiration time is used, the implementation |
2349 | MUST ensure that the expiration time is always increased when the record | 2349 | <bcp14>MUST</bcp14> ensure that the expiration time is always increased when the record |
2350 | data changes. For example, the expiration time on the wire may be increased | 2350 | data changes. For example, the expiration time on the wire may be increased |
2351 | by a single microsecond even if the user did not request a change. | 2351 | by a single microsecond even if the user did not request a change. |
2352 | In case of deletion of all resource records under a label, the | 2352 | In case of deletion of all resource records under a label, the |
2353 | implementation MUST keep track of the last absolute expiration time | 2353 | implementation <bcp14>MUST</bcp14> keep track of the last absolute expiration time |
2354 | of the last published resource block. Implementations MAY define | 2354 | of the last published resource block. Implementations <bcp14>MAY</bcp14> define |
2355 | and use a special record type as a tombstone that preserves the last | 2355 | and use a special record type as a tombstone that preserves the last |
2356 | absolute expiration time, but then MUST take care to not publish a | 2356 | absolute expiration time, but then <bcp14>MUST</bcp14> take care to not publish a |
2357 | block with this record. | 2357 | block with this record. |
2358 | When new records are added under this label later, the implementation | 2358 | When new records are added under this label later, the implementation |
2359 | MUST ensure that the expiration times are after the last published | 2359 | <bcp14>MUST</bcp14> ensure that the expiration times are after the last published |
2360 | block. | 2360 | block. |
2361 | Finally, in order to ensure monotonically increasing expiration times | 2361 | Finally, in order to ensure monotonically increasing expiration times |
2362 | the implementation MUST keep a local record of the last time obtained | 2362 | the implementation <bcp14>MUST</bcp14> keep a local record of the last time obtained |
2363 | from the system clock, so as to construct a monotonic clock in case | 2363 | from the system clock, so as to construct a monotonic clock in case |
2364 | the system clock jumps backwards. | 2364 | the system clock jumps backwards. |
2365 | </t> | 2365 | </t> |
@@ -2551,10 +2551,10 @@ NICK: john (Supplemental) | |||
2551 | gns-registry@gnunet.org. | 2551 | gns-registry@gnunet.org. |
2552 | </t> | 2552 | </t> |
2553 | <t> | 2553 | <t> |
2554 | Any request MUST contain a unique name and a point of contact. | 2554 | Any request <bcp14>MUST</bcp14> contain a unique name and a point of contact. |
2555 | The contact information MAY be added to the registry given the consent | 2555 | The contact information <bcp14>MAY</bcp14> be added to the registry given the consent |
2556 | of the requester. | 2556 | of the requester. |
2557 | The request MAY optionally also contain relevant references as well | 2557 | The request <bcp14>MAY</bcp14> optionally also contain relevant references as well |
2558 | as a descriptive comment as defined above. | 2558 | as a descriptive comment as defined above. |
2559 | </t> | 2559 | </t> |
2560 | <t> | 2560 | <t> |
@@ -2950,7 +2950,7 @@ Purpose | Name | References | Comment | |||
2950 | If the bit length of the byte string to encode is not a multiple of 5 | 2950 | If the bit length of the byte string to encode is not a multiple of 5 |
2951 | it is padded to the next multiple with zeroes. | 2951 | it is padded to the next multiple with zeroes. |
2952 | In order to further increase tolerance for failures in character | 2952 | In order to further increase tolerance for failures in character |
2953 | recognition, the letter "U" MUST be decoded to the same value as the | 2953 | recognition, the letter "U" <bcp14>MUST</bcp14> be decoded to the same value as the |
2954 | letter "V" in Base32GNS. | 2954 | letter "V" in Base32GNS. |
2955 | </t> | 2955 | </t> |
2956 | <figure anchor="CrockfordB32Encode" title="The Base32GNS Alphabet Including the Additional U Encode Symbol."> | 2956 | <figure anchor="CrockfordB32Encode" title="The Base32GNS Alphabet Including the Additional U Encode Symbol."> |