[lsd0001] branch master updated: add concept of supplemental records
From: |
gnunet |
Subject: |
[lsd0001] branch master updated: add concept of supplemental records |
Date: |
Thu, 13 Feb 2020 19:27:38 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new ca5614d add concept of supplemental records
ca5614d is described below
commit ca5614d7f6b1213c94dade53a251511da5a00985
Author: Martin Schanzenbach <address@hidden>
AuthorDate: Thu Feb 13 19:23:45 2020 +0100
add concept of supplemental records
---
draft-schanzen-gns.html | 572 +++++++++++++++++++++++++++---------------------
draft-schanzen-gns.txt | 88 ++++----
draft-schanzen-gns.xml | 38 ++--
3 files changed, 394 insertions(+), 304 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
index 200b84e..1d20fbf 100644
--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -4,18 +4,17 @@
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
-<title>
- The GNU Name System Specification
- </title>
+<title>The GNU Name System Specification</title>
<meta content="Martin Schanzenbach" name="author">
<meta content="Christian Grothoff" name="author">
<meta content="Bernd Fix" name="author">
<meta content="
This document contains the GNU Name System (GNS) technical
specification.
" name="description">
-<meta content="xml2rfc 2.26.0" name="generator">
+<meta content="xml2rfc 2.39.0" name="generator">
<meta content="name systems" name="keyword">
-<link href="draft-schanzen-gns.xml" type="application/rfc+xml" rel="alternate">
+<meta content="draft-schanzen-gns-00" name="ietf.draft">
+<link href="draft-schanzen-gns.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*
@@ -911,17 +910,16 @@ caption a[href] {
}
/* Avoid page breaks inside dl and author address entries */
- dd {
- page-break-before: avoid;
- }
.vcard {
page-break-inside: avoid;
}
}
/* Avoid wrapping of URLs in references */
-.references a {
- white-space: nowrap;
+@media screen {
+ .references a {
+ white-space: nowrap;
+ }
}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
@@ -943,10 +941,12 @@ caption a[href] {
padding-top: 24px;
}
/* Float artwork pilcrow to the right */
-.artwork a.pilcrow {
- display: block;
- line-height: 0.7;
- margin-top: 0.15em;
+@media screen {
+ .artwork a.pilcrow {
+ display: block;
+ line-height: 0.7;
+ margin-top: 0.15em;
+ }
}
/* Make pilcrows on dd visible */
@media screen {
@@ -966,12 +966,84 @@ caption a[href] {
.alignRight {
margin: 1em 0 0 0;
}
-</style>
-<link href="rfc-local.css" type="text/css" rel="stylesheet">
+/* In print, the pilcrow won't show on hover, so prevent it from taking up
space,
+ possibly even requiring a new line */
+@media print {
+ a.pilcrow {
+ display: none;
+ }
+}
+/* Styling for the external metadata */
+div#external-metadata {
+ background-color: #eee;
+ padding: 0.5em;
+ margin-bottom: 0.5em;
+ display: none;
+}
+div#internal-metadata {
+ padding: 0.5em; /* to match the external-metadata
padding */
+}
+/* Styling for title RFC Number */
+h1#rfcnum {
+ clear: both;
+ margin: 0 0 -1em;
+ padding: 1em 0 0 0;
+}
+/* Make .olPercent look the same as <ol><li> */
+dl.olPercent > dd {
+ margin: 0 0 0.25em 0;
+ min-height: initial;
+}
+/* Give aside some styling to set it apart */
+aside {
+ border-left: 1px solid #ddd;
+ margin: 1em 0 1em 2em;
+ padding: 0.2em 2em;
+}
+aside > dl,
+aside > ol,
+aside > ul,
+aside > table,
+aside > p {
+ margin-bottom: 0.5em;
+}
+/* Additional page break settings */
+@media print {
+ figcaption, table caption {
+ page-break-before: avoid;
+ }
+}
+/* Font size adjustments for print */
+@media print {
+ body { font-size: 10pt; line-height: normal; max-width: 96%; }
+ h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
+ h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
+ h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
+ h4 { font-size: 1em; padding-top: 1.5em; }
+ h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
+}
+/* Sourcecode margin in print, when there's no pilcrow */
+@media print {
+ .artwork,
+ .sourcecode {
+ margin-bottom: 1em;
+ }
+}
+/*
+ The margin-left: 0 on <dd> removes all distinction
+ between levels from nested <dl>s. Undo that.
+*/
+dl.olPercent > dd,
+dd {
+ margin-left: revert;
+}
+/* Avoid narrow tables forcing too narrow table captions, which may render
badly */
+table {
+ min-width: 20em;
+}</style>
+<link href="rfc-local.css" rel="stylesheet" type="text/css">
</head>
<body>
-<script>
-async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(let
t=0;t<e.length;t++)if(/#identifiers/.exec(e[t].selectorText)){const
a=e[t].cssText.replace("#identifiers","#metadata");document.styleSheets[0].insertRule(a,document.styleSheets[0].cssRules.length)}}catch(e){console.log(e)}const
e=document.getElementById("metadata");if(e){e.style.background="#eee";try{var
t;t=document.URL.indexOf("html")>=0?document.URL.replace(/html$/,"json"):document.URL+".json";const
o=aw [...]
<script src="metadata.min.js"></script>
<table class="ears">
<thead><tr>
@@ -985,7 +1057,8 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<td class="right">[Page]</td>
</tr></tfoot>
</table>
-<div class="document-information">
+<div id="external-metadata" class="document-information"></div>
+<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-workgroup">Workgroup:</dt>
<dd class="workgroup">Independent Stream</dd>
@@ -1016,9 +1089,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
</dd>
</dl>
</div>
-<h1 id="title">
- The GNU Name System Specification
- </h1>
+<h1 id="title">The GNU Name System Specification</h1>
<section id="section-abstract">
<h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">This document contains the GNU Name System (GNS)
technical specification.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
@@ -1066,117 +1137,117 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
</section>
</div>
<div id="toc">
-<section id="section-boilerplate.3">
+<section id="section-toc.1">
<a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2
id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of
Contents</a>
</h2>
<nav class="toc"><ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.1">
- <p id="section-boilerplate.3-1.1.1"><a href="#section-1"
class="xref">1</a>. <a href="#name-introduction"
class="xref">Introduction</a><a href="#section-boilerplate.3-1.1.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.1">
+ <p id="section-toc.1-1.1.1"><a href="#section-1"
class="xref">1</a>. <a href="#name-introduction"
class="xref">Introduction</a><a href="#section-toc.1-1.1.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.2">
- <p id="section-boilerplate.3-1.2.1"><a href="#section-2"
class="xref">2</a>. <a href="#name-zones" class="xref">Zones</a><a
href="#section-boilerplate.3-1.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.2">
+ <p id="section-toc.1-1.2.1"><a href="#section-2"
class="xref">2</a>. <a href="#name-zones" class="xref">Zones</a><a
href="#section-toc.1-1.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3">
- <p id="section-boilerplate.3-1.3.1"><a href="#section-3"
class="xref">3</a>. <a href="#name-resource-records" class="xref">Resource
Records</a><a href="#section-boilerplate.3-1.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3">
+ <p id="section-toc.1-1.3.1"><a href="#section-3"
class="xref">3</a>. <a href="#name-resource-records" class="xref">Resource
Records</a><a href="#section-toc.1-1.3.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.1">
- <p id="section-boilerplate.3-1.3.2.1.1"><a href="#section-3.1"
class="xref">3.1</a>. <a href="#name-record-types" class="xref">Record
Types</a><a href="#section-boilerplate.3-1.3.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.1">
+ <p id="section-toc.1-1.3.2.1.1"><a href="#section-3.1"
class="xref">3.1</a>. <a href="#name-record-types" class="xref">Record
Types</a><a href="#section-toc.1-1.3.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.2">
- <p id="section-boilerplate.3-1.3.2.2.1"><a href="#section-3.2"
class="xref">3.2</a>. <a href="#name-pkey" class="xref">PKEY</a><a
href="#section-boilerplate.3-1.3.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.2">
+ <p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2"
class="xref">3.2</a>. <a href="#name-pkey" class="xref">PKEY</a><a
href="#section-toc.1-1.3.2.2.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.3">
- <p id="section-boilerplate.3-1.3.2.3.1"><a href="#section-3.3"
class="xref">3.3</a>. <a href="#name-gns2dns" class="xref">GNS2DNS</a><a
href="#section-boilerplate.3-1.3.2.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.3">
+ <p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3"
class="xref">3.3</a>. <a href="#name-gns2dns" class="xref">GNS2DNS</a><a
href="#section-toc.1-1.3.2.3.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.4">
- <p id="section-boilerplate.3-1.3.2.4.1"><a href="#section-3.4"
class="xref">3.4</a>. <a href="#name-leho" class="xref">LEHO</a><a
href="#section-boilerplate.3-1.3.2.4.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.4">
+ <p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4"
class="xref">3.4</a>. <a href="#name-leho" class="xref">LEHO</a><a
href="#section-toc.1-1.3.2.4.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.5">
- <p id="section-boilerplate.3-1.3.2.5.1"><a href="#section-3.5"
class="xref">3.5</a>. <a href="#name-nick" class="xref">NICK</a><a
href="#section-boilerplate.3-1.3.2.5.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.5">
+ <p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5"
class="xref">3.5</a>. <a href="#name-nick" class="xref">NICK</a><a
href="#section-toc.1-1.3.2.5.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.6">
- <p id="section-boilerplate.3-1.3.2.6.1"><a href="#section-3.6"
class="xref">3.6</a>. <a href="#name-box" class="xref">BOX</a><a
href="#section-boilerplate.3-1.3.2.6.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.6">
+ <p id="section-toc.1-1.3.2.6.1"><a href="#section-3.6"
class="xref">3.6</a>. <a href="#name-box" class="xref">BOX</a><a
href="#section-toc.1-1.3.2.6.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.3.2.7">
- <p id="section-boilerplate.3-1.3.2.7.1"><a href="#section-3.7"
class="xref">3.7</a>. <a href="#name-vpn" class="xref">VPN</a><a
href="#section-boilerplate.3-1.3.2.7.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.3.2.7">
+ <p id="section-toc.1-1.3.2.7.1"><a href="#section-3.7"
class="xref">3.7</a>. <a href="#name-vpn" class="xref">VPN</a><a
href="#section-toc.1-1.3.2.7.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4">
- <p id="section-boilerplate.3-1.4.1"><a href="#section-4"
class="xref">4</a>. <a href="#name-publishing-records" class="xref">Publishing
Records</a><a href="#section-boilerplate.3-1.4.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4">
+ <p id="section-toc.1-1.4.1"><a href="#section-4"
class="xref">4</a>. <a href="#name-publishing-records" class="xref">Publishing
Records</a><a href="#section-toc.1-1.4.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.1">
- <p id="section-boilerplate.3-1.4.2.1.1"><a href="#section-4.1"
class="xref">4.1</a>. <a href="#name-key-derivations" class="xref">Key
Derivations</a><a href="#section-boilerplate.3-1.4.2.1.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.1">
+ <p id="section-toc.1-1.4.2.1.1"><a href="#section-4.1"
class="xref">4.1</a>. <a href="#name-key-derivations" class="xref">Key
Derivations</a><a href="#section-toc.1-1.4.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.2">
- <p id="section-boilerplate.3-1.4.2.2.1"><a href="#section-4.2"
class="xref">4.2</a>. <a href="#name-resource-records-block"
class="xref">Resource Records Block</a><a
href="#section-boilerplate.3-1.4.2.2.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.2">
+ <p id="section-toc.1-1.4.2.2.1"><a href="#section-4.2"
class="xref">4.2</a>. <a href="#name-resource-records-block"
class="xref">Resource Records Block</a><a href="#section-toc.1-1.4.2.2.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.4.2.3">
- <p id="section-boilerplate.3-1.4.2.3.1"><a href="#section-4.3"
class="xref">4.3</a>. <a href="#name-record-data-encryption-and-"
class="xref">Record Data Encryption and Decryption</a><a
href="#section-boilerplate.3-1.4.2.3.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.4.2.3">
+ <p id="section-toc.1-1.4.2.3.1"><a href="#section-4.3"
class="xref">4.3</a>. <a href="#name-record-data-encryption-and-"
class="xref">Record Data Encryption and Decryption</a><a
href="#section-toc.1-1.4.2.3.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.5">
- <p id="section-boilerplate.3-1.5.1"><a href="#section-5"
class="xref">5</a>. <a href="#name-internationalization-and-ch"
class="xref">Internationalization and Character Encoding</a><a
href="#section-boilerplate.3-1.5.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.5">
+ <p id="section-toc.1-1.5.1"><a href="#section-5"
class="xref">5</a>. <a href="#name-internationalization-and-ch"
class="xref">Internationalization and Character Encoding</a><a
href="#section-toc.1-1.5.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6">
- <p id="section-boilerplate.3-1.6.1"><a href="#section-6"
class="xref">6</a>. <a href="#name-name-resolution" class="xref">Name
Resolution</a><a href="#section-boilerplate.3-1.6.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6">
+ <p id="section-toc.1-1.6.1"><a href="#section-6"
class="xref">6</a>. <a href="#name-name-resolution" class="xref">Name
Resolution</a><a href="#section-toc.1-1.6.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.1">
- <p id="section-boilerplate.3-1.6.2.1.1"><a href="#section-6.1"
class="xref">6.1</a>. <a href="#name-recursion" class="xref">Recursion</a><a
href="#section-boilerplate.3-1.6.2.1.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.1">
+ <p id="section-toc.1-1.6.2.1.1"><a href="#section-6.1"
class="xref">6.1</a>. <a href="#name-recursion" class="xref">Recursion</a><a
href="#section-toc.1-1.6.2.1.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2">
- <p id="section-boilerplate.3-1.6.2.2.1"><a href="#section-6.2"
class="xref">6.2</a>. <a href="#name-record-processing" class="xref">Record
Processing</a><a href="#section-boilerplate.3-1.6.2.2.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2">
+ <p id="section-toc.1-1.6.2.2.1"><a href="#section-6.2"
class="xref">6.2</a>. <a href="#name-record-processing" class="xref">Record
Processing</a><a href="#section-toc.1-1.6.2.2.1" class="pilcrow">¶</a></p>
<ul class="toc ulEmpty">
-<li class="toc ulEmpty" id="section-boilerplate.3-1.6.2.2.2.1">
- <p id="section-boilerplate.3-1.6.2.2.2.1.1"><a
href="#section-6.2.1" class="xref">6.2.1</a>. <a href="#name-pkey-2"
class="xref">PKEY</a><a href="#section-boilerplate.3-1.6.2.2.2.1.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.1">
+ <p id="section-toc.1-1.6.2.2.2.1.1"><a
href="#section-6.2.1" class="xref">6.2.1</a>. <a href="#name-pkey-2"
class="xref">PKEY</a><a href="#section-toc.1-1.6.2.2.2.1.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty"
id="section-boilerplate.3-1.6.2.2.2.2">
- <p id="section-boilerplate.3-1.6.2.2.2.2.1"><a
href="#section-6.2.2" class="xref">6.2.2</a>. <a href="#name-gns2dns-2"
class="xref">GNS2DNS</a><a href="#section-boilerplate.3-1.6.2.2.2.2.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.2">
+ <p id="section-toc.1-1.6.2.2.2.2.1"><a
href="#section-6.2.2" class="xref">6.2.2</a>. <a href="#name-gns2dns-2"
class="xref">GNS2DNS</a><a href="#section-toc.1-1.6.2.2.2.2.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty"
id="section-boilerplate.3-1.6.2.2.2.3">
- <p id="section-boilerplate.3-1.6.2.2.2.3.1"><a
href="#section-6.2.3" class="xref">6.2.3</a>. <a href="#name-cname"
class="xref">CNAME</a><a href="#section-boilerplate.3-1.6.2.2.2.3.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.3">
+ <p id="section-toc.1-1.6.2.2.2.3.1"><a
href="#section-6.2.3" class="xref">6.2.3</a>. <a href="#name-cname"
class="xref">CNAME</a><a href="#section-toc.1-1.6.2.2.2.3.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty"
id="section-boilerplate.3-1.6.2.2.2.4">
- <p id="section-boilerplate.3-1.6.2.2.2.4.1"><a
href="#section-6.2.4" class="xref">6.2.4</a>. <a href="#name-box-2"
class="xref">BOX</a><a href="#section-boilerplate.3-1.6.2.2.2.4.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.4">
+ <p id="section-toc.1-1.6.2.2.2.4.1"><a
href="#section-6.2.4" class="xref">6.2.4</a>. <a href="#name-box-2"
class="xref">BOX</a><a href="#section-toc.1-1.6.2.2.2.4.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty"
id="section-boilerplate.3-1.6.2.2.2.5">
- <p id="section-boilerplate.3-1.6.2.2.2.5.1"><a
href="#section-6.2.5" class="xref">6.2.5</a>. <a href="#name-vpn-2"
class="xref">VPN</a><a href="#section-boilerplate.3-1.6.2.2.2.5.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.6.2.2.2.5">
+ <p id="section-toc.1-1.6.2.2.2.5.1"><a
href="#section-6.2.5" class="xref">6.2.5</a>. <a href="#name-vpn-2"
class="xref">VPN</a><a href="#section-toc.1-1.6.2.2.2.5.1"
class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</li>
- </ul>
+</ul>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.7">
- <p id="section-boilerplate.3-1.7.1"><a href="#section-7"
class="xref">7</a>. <a href="#name-zone-revocation" class="xref">Zone
Revocation</a><a href="#section-boilerplate.3-1.7.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.7">
+ <p id="section-toc.1-1.7.1"><a href="#section-7"
class="xref">7</a>. <a href="#name-zone-revocation" class="xref">Zone
Revocation</a><a href="#section-toc.1-1.7.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.8">
- <p id="section-boilerplate.3-1.8.1"><a href="#section-8"
class="xref">8</a>. <a href="#name-determining-the-root-zone-a"
class="xref">Determining the Root Zone and Zone Governance</a><a
href="#section-boilerplate.3-1.8.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.8">
+ <p id="section-toc.1-1.8.1"><a href="#section-8"
class="xref">8</a>. <a href="#name-determining-the-root-zone-a"
class="xref">Determining the Root Zone and Zone Governance</a><a
href="#section-toc.1-1.8.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.9">
- <p id="section-boilerplate.3-1.9.1"><a href="#section-9"
class="xref">9</a>. <a href="#name-security-considerations"
class="xref">Security Considerations</a><a href="#section-boilerplate.3-1.9.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.9">
+ <p id="section-toc.1-1.9.1"><a href="#section-9"
class="xref">9</a>. <a href="#name-security-considerations"
class="xref">Security Considerations</a><a href="#section-toc.1-1.9.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.10">
- <p id="section-boilerplate.3-1.10.1"><a href="#section-10"
class="xref">10</a>. <a href="#name-iana-considerations" class="xref">IANA
Considerations</a><a href="#section-boilerplate.3-1.10.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.10">
+ <p id="section-toc.1-1.10.1"><a href="#section-10"
class="xref">10</a>. <a href="#name-iana-considerations" class="xref">IANA
Considerations</a><a href="#section-toc.1-1.10.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.11">
- <p id="section-boilerplate.3-1.11.1"><a href="#section-11"
class="xref">11</a>. <a href="#name-test-vectors" class="xref">Test
Vectors</a><a href="#section-boilerplate.3-1.11.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.11">
+ <p id="section-toc.1-1.11.1"><a href="#section-11"
class="xref">11</a>. <a href="#name-test-vectors" class="xref">Test
Vectors</a><a href="#section-toc.1-1.11.1" class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.12">
- <p id="section-boilerplate.3-1.12.1"><a href="#section-12"
class="xref">12</a>. <a href="#name-normative-references"
class="xref">Normative References</a><a href="#section-boilerplate.3-1.12.1"
class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.12">
+ <p id="section-toc.1-1.12.1"><a href="#section-12"
class="xref">12</a>. <a href="#name-normative-references"
class="xref">Normative References</a><a href="#section-toc.1-1.12.1"
class="pilcrow">¶</a></p>
</li>
- <li class="toc ulEmpty" id="section-boilerplate.3-1.13">
- <p id="section-boilerplate.3-1.13.1"><a href="#section-appendix.a"
class="xref"></a> <a href="#name-authors-addresses" class="xref">Authors'
Addresses</a><a href="#section-boilerplate.3-1.13.1" class="pilcrow">¶</a></p>
+<li class="toc ulEmpty" id="section-toc.1-1.13">
+ <p id="section-toc.1-1.13.1"><a href="#section-appendix.a"
class="xref"></a><a href="#name-authors-addresses" class="xref">Authors'
Addresses</a><a href="#section-toc.1-1.13.1" class="pilcrow">¶</a></p>
</li>
- </ul>
+</ul>
</nav>
</section>
</div>
<div id="introduction">
<section id="section-1">
<h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a
href="#name-introduction" class="section-name selfRef">Introduction</a>
+<a href="#section-1" class="section-number selfRef">1. </a><a
href="#name-introduction" class="section-name selfRef">Introduction</a>
</h2>
<p id="section-1-1">
The Domain Name System (DNS) is a unique distributed database and a
vital
@@ -1224,7 +1295,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="zones">
<section id="section-2">
<h2 id="name-zones">
-<a href="#section-2" class="section-number selfRef">2. </a><a
href="#name-zones" class="section-name selfRef">Zones</a>
+<a href="#section-2" class="section-number selfRef">2. </a><a
href="#name-zones" class="section-name selfRef">Zones</a>
</h2>
<p id="section-2-1">
A zone in GNS is defined by a public/private ECDSA key pair (d,zk),
@@ -1236,40 +1307,40 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
cryptographic primitives:<a href="#section-2-1"
class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-2-2">
<dt id="section-2-2.1">d</dt>
- <dd id="section-2-2.2">
+<dd id="section-2-2.2">
is a 256-bit ECDSA private key.
In GNS, records are signed using a key derived from "d" as described
in
<a href="#publish" class="xref">Section 4</a>.<a
href="#section-2-2.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.3">p</dt>
- <dd id="section-2-2.4">
+<dt id="section-2-2.3">p</dt>
+<dd id="section-2-2.4">
is the prime of edwards25519 as defined in <span>[<a href="#RFC7748"
class="xref">RFC7748</a>]</span>, i.e.
2^255 - 19.<a href="#section-2-2.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.5">B</dt>
- <dd id="section-2-2.6">
+<dt id="section-2-2.5">B</dt>
+<dd id="section-2-2.6">
is the group generator (X(P),Y(P)) of edwards25519 as defined in
<span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span>.<a
href="#section-2-2.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.7">L</dt>
- <dd id="section-2-2.8">
+<dt id="section-2-2.7">L</dt>
+<dd id="section-2-2.8">
is the prime-order subgroup of edwards25519 in <span>[<a
href="#RFC7748" class="xref">RFC7748</a>]</span>.<a href="#section-2-2.8"
class="pilcrow">¶</a>
</dd>
- <dt id="section-2-2.9">zk</dt>
- <dd id="section-2-2.10">
+<dt id="section-2-2.9">zk</dt>
+<dd id="section-2-2.10">
is the ECDSA public key corresponding to d. It is defined in
<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span> as the
curve point d*B where B is the group
generator of the elliptic curve.
The public key is used to uniquely identify a GNS zone and is
referred to
as the "zone key".<a href="#section-2-2.10" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="rrecords">
<section id="section-3">
<h2 id="name-resource-records">
-<a href="#section-3" class="section-number selfRef">3. </a><a
href="#name-resource-records" class="section-name selfRef">Resource Records</a>
+<a href="#section-3" class="section-number selfRef">3. </a><a
href="#name-resource-records" class="section-name selfRef">Resource Records</a>
</h2>
<p id="section-3-1">
A GNS implementor MUST provide a mechanism to create and manage resource
@@ -1302,18 +1373,18 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<p id="section-3-4">where:<a href="#section-3-4" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3-5">
<dt id="section-3-5.1">EXPIRATION</dt>
- <dd id="section-3-5.2">
+<dd id="section-3-5.2">
denotes the absolute 64-bit expiration date of the record.
In microseconds since midnight (0 hour), January 1, 1970 in network
byte order.<a href="#section-3-5.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.3">DATA SIZE</dt>
- <dd id="section-3-5.4">
+<dt id="section-3-5.3">DATA SIZE</dt>
+<dd id="section-3-5.4">
denotes the 32-bit size of the DATA field in bytes and in network byte
order.<a href="#section-3-5.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.5">TYPE</dt>
- <dd id="section-3-5.6">
+<dt id="section-3-5.5">TYPE</dt>
+<dd id="section-3-5.6">
is the 32-bit resource record type. This type can be one of the GNS
resource
records as defined in <a href="#rrecords" class="xref">Section 3</a>
or a DNS record
type as defined in <span>[<a href="#RFC1035"
class="xref">RFC1035</a>]</span> or any of the
@@ -1321,17 +1392,17 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
stored in network byte order. Note that values
below 2^16 are reserved for allocation via IANA (<span>[<a
href="#RFC6895" class="xref">RFC6895</a>]</span>).<a href="#section-3-5.6"
class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.7">FLAGS</dt>
- <dd id="section-3-5.8">
+<dt id="section-3-5.7">FLAGS</dt>
+<dd id="section-3-5.8">
is a 32-bit resource record flags field (see below).<a
href="#section-3-5.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-3-5.9">DATA</dt>
- <dd id="section-3-5.10">
+<dt id="section-3-5.9">DATA</dt>
+<dd id="section-3-5.10">
the variable-length resource record data payload. The contents are
defined
by the
respective type of the resource record.<a href="#section-3-5.10"
class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-3-6">
Flags indicate metadata surrounding the resource record. A flag
value of 0 indicates that all flags are unset. The following
@@ -1343,7 +1414,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<pre>
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
</pre>
</div>
@@ -1353,33 +1424,43 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3-8" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3-9">
<dt id="section-3-9.1">SHADOW</dt>
- <dd id="section-3-9.2">
+<dd id="section-3-9.2">
If this flag is set, this record should be ignored by resolvers
unless all (other)
records of the same record type have expired. Used to allow zone
publishers to
facilitate good performance when records change by allowing them to
put future
values of records into the DHT. This way, future values can propagate
and may be
cached before the transition becomes active.<a href="#section-3-9.2"
class="pilcrow">¶</a>
</dd>
- <dt id="section-3-9.3">EXPREL</dt>
- <dd id="section-3-9.4">
+<dt id="section-3-9.3">EXPREL</dt>
+<dd id="section-3-9.4">
The expiration time value of the record is a relative time (still in
microseconds)
and not an absolute time. This flag should never be encountered by a
resolver
for records obtained from the DHT, but might be present when a
resolver looks up
private records of a zone hosted locally.<a href="#section-3-9.4"
class="pilcrow">¶</a>
</dd>
- <dt id="section-3-9.5">PRIVATE</dt>
- <dd id="section-3-9.6">
+<dt id="section-3-9.5">
+ SUPPL
+ </dt>
+<dd id="section-3-9.6">
+ This is supplemental record. It is provided in addition to the
+ other records. This flag indicates that this record is not explicitly
+ managed alongside the other records under the respective name but
+ may be useful for the application. This flag should only be
encountered
+ by a resolver for records obtained from the DHT.<a
href="#section-3-9.6" class="pilcrow">¶</a>
+</dd>
+<dt id="section-3-9.7">PRIVATE</dt>
+<dd id="section-3-9.8">
This is a private record of this peer and it should thus not be
published in the DHT. Thus, this flag should never be encountered by
a resolver for records obtained from the DHT.
Private records should still be considered just like
- regular records when resolving labels in local zones.<a
href="#section-3-9.6" class="pilcrow">¶</a>
+ regular records when resolving labels in local zones.<a
href="#section-3-9.8" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<div id="gnsrecords_numbers">
<section id="section-3.1">
<h3 id="name-record-types">
-<a href="#section-3.1" class="section-number selfRef">3.1. </a><a
href="#name-record-types" class="section-name selfRef">Record Types</a>
+<a href="#section-3.1" class="section-number selfRef">3.1. </a><a
href="#name-record-types" class="section-name selfRef">Record Types</a>
</h3>
<p id="section-3.1-1">
GNS-specific record type numbers start at 2^16, i.e. after the record
@@ -1408,7 +1489,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="gnsrecords_pkey">
<section id="section-3.2">
<h3 id="name-pkey">
-<a href="#section-3.2" class="section-number selfRef">3.2. </a><a
href="#name-pkey" class="section-name selfRef">PKEY</a>
+<a href="#section-3.2" class="section-number selfRef">3.2. </a><a
href="#name-pkey" class="section-name selfRef">PKEY</a>
</h3>
<p id="section-3.2-1">In GNS, a delegation of a label to a zone is represented
through a PKEY
record. A PKEY resource record contains the public key of the zone to
@@ -1433,16 +1514,16 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.2-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.2-4">
<dt id="section-3.2-4.1">PUBLIC KEY</dt>
- <dd id="section-3.2-4.2">
+<dd id="section-3.2-4.2">
A 256-bit ECDSA zone key.<a href="#section-3.2-4.2"
class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_gns2dns">
<section id="section-3.3">
<h3 id="name-gns2dns">
-<a href="#section-3.3" class="section-number selfRef">3.3. </a><a
href="#name-gns2dns" class="section-name selfRef">GNS2DNS</a>
+<a href="#section-3.3" class="section-number selfRef">3.3. </a><a
href="#name-gns2dns" class="section-name selfRef">GNS2DNS</a>
</h3>
<p id="section-3.3-1">It is possible to delegate a label back into DNS through
a GNS2DNS record.
The resource record contains a DNS name for the resolver to continue
with
@@ -1473,23 +1554,23 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.3-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.3-4">
<dt id="section-3.3-4.1">DNS NAME</dt>
- <dd id="section-3.3-4.2">
+<dd id="section-3.3-4.2">
The name to continue with in DNS (0-terminated).<a
href="#section-3.3-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.3-4.3">DNS SERVER NAME</dt>
- <dd id="section-3.3-4.4">
+<dt id="section-3.3-4.3">DNS SERVER NAME</dt>
+<dd id="section-3.3-4.4">
The DNS server to use. May be an IPv4/IPv6 address in dotted decimal
form or a DNS name. It may also be a relative GNS name ending with a
"+" top-level domain. The value is UTF-8 encoded (also for DNS
names)
and 0-terminated.<a href="#section-3.3-4.4" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_leho">
<section id="section-3.4">
<h3 id="name-leho">
-<a href="#section-3.4" class="section-number selfRef">3.4. </a><a
href="#name-leho" class="section-name selfRef">LEHO</a>
+<a href="#section-3.4" class="section-number selfRef">3.4. </a><a
href="#name-leho" class="section-name selfRef">LEHO</a>
</h3>
<p id="section-3.4-1">Legacy hostname records can be used by applications that
are expected
to supply a DNS name on the application layer. The most common use
case
@@ -1518,10 +1599,10 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.4-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.4-4">
<dt id="section-3.4-4.1">LEGACY HOSTNAME</dt>
- <dd id="section-3.4-4.2">
+<dd id="section-3.4-4.2">
A UTF-8 string (which is not 0-terminated) representing the legacy
hostname.<a href="#section-3.4-4.2" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-3.4-5">
NOTE: If an application uses a LEHO value in an HTTP request header
(e.g. "Host:" header) it must be converted to a punycode
representation
@@ -1531,15 +1612,16 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="gnsrecords_nick">
<section id="section-3.5">
<h3 id="name-nick">
-<a href="#section-3.5" class="section-number selfRef">3.5. </a><a
href="#name-nick" class="section-name selfRef">NICK</a>
+<a href="#section-3.5" class="section-number selfRef">3.5. </a><a
href="#name-nick" class="section-name selfRef">NICK</a>
</h3>
-<p id="section-3.5-1">Nickname records can be used by zone administrators to
publish an
+<p id="section-3.5-1">
+ Nickname records can be used by zone administrators to publish an
indication on what label this zone prefers to be referred to.
This is a suggestion to other zones what label to use when creating a
PKEY <a href="#gnsrecords_pkey" class="xref">Section 3.2</a> record
containing this zone's
public zone key.
- This record SHOULD only be stored under the empty label "@" but
- MAY be returned with record sets under any label.
+ This record SHOULD only be stored under the empty label "@" but MAY be
+ returned with record sets under any label as a supplemental record.
A NICK DATA entry has the following format:<a href="#section-3.5-1"
class="pilcrow">¶</a></p>
<div id="figure_nickrecord">
<figure id="figure-7">
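Review bot: The reworded sentence `MAY be returned with record sets under any label as a supplemental record` does not say that such a NICK record carries the SUPPL flag, so a NICK under a label other than "@" is indistinguishable from an explicitly managed one unless the reader infers it from Section 3. Suggest `... as a supplemental record, in which case the SUPPL flag MUST be set` if that is the intended rule. The paragraph this sentence belongs to starts inside the hunk but the surrounding section continues outside it.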
@@ -1560,17 +1642,17 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.5-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.5-4">
<dt id="section-3.5-4.1">NICKNAME</dt>
- <dd id="section-3.5-4.2">
+<dd id="section-3.5-4.2">
A UTF-8 string (which is not 0-terminated) representing the
preferred
label of the zone. This string MUST NOT include a "." character.<a
href="#section-3.5-4.2" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_box">
<section id="section-3.6">
<h3 id="name-box">
-<a href="#section-3.6" class="section-number selfRef">3.6. </a><a
href="#name-box" class="section-name selfRef">BOX</a>
+<a href="#section-3.6" class="section-number selfRef">3.6. </a><a
href="#name-box" class="section-name selfRef">BOX</a>
</h3>
<p id="section-3.6-1">
In GNS, every "." in a name delegates to another zone, and
@@ -1606,30 +1688,30 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.6-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.6-4">
<dt id="section-3.6-4.1">PROTO</dt>
- <dd id="section-3.6-4.2">
+<dd id="section-3.6-4.2">
the 16-bit protocol number, e.g. 6 for tcp. In network byte
order.<a href="#section-3.6-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.3">SVC</dt>
- <dd id="section-3.6-4.4">
+<dt id="section-3.6-4.3">SVC</dt>
+<dd id="section-3.6-4.4">
the 16-bit service value of the boxed record, i.e. the port number.
In network byte order.<a href="#section-3.6-4.4"
class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.5">TYPE</dt>
- <dd id="section-3.6-4.6">
+<dt id="section-3.6-4.5">TYPE</dt>
+<dd id="section-3.6-4.6">
is the 32-bit record type of the boxed record. In network byte
order.<a href="#section-3.6-4.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.6-4.7">RECORD DATA</dt>
- <dd id="section-3.6-4.8">
+<dt id="section-3.6-4.7">RECORD DATA</dt>
+<dd id="section-3.6-4.8">
is a variable length field containing the "DATA" format of TYPE as
defined for the respective TYPE in DNS.<a href="#section-3.6-4.8"
class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="gnsrecords_vpn">
<section id="section-3.7">
<h3 id="name-vpn">
-<a href="#section-3.7" class="section-number selfRef">3.7. </a><a
href="#name-vpn" class="section-name selfRef">VPN</a>
+<a href="#section-3.7" class="section-number selfRef">3.7. </a><a
href="#name-vpn" class="section-name selfRef">VPN</a>
</h3>
<p id="section-3.7-1">
A VPN DATA entry has the following format:<a href="#section-3.7-1"
class="pilcrow">¶</a></p>
@@ -1658,21 +1740,21 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
where:<a href="#section-3.7-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-3.7-4">
<dt id="section-3.7-4.1">HOSTING PEER PUBLIC KEY</dt>
- <dd id="section-3.7-4.2">
+<dd id="section-3.7-4.2">
is a 256-bit EdDSA public key identifying the peer hosting the
service.<a href="#section-3.7-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.7-4.3">PROTO</dt>
- <dd id="section-3.7-4.4">
+<dt id="section-3.7-4.3">PROTO</dt>
+<dd id="section-3.7-4.4">
the 16-bit protocol number, e.g. 6 for TCP. In network byte
order.<a href="#section-3.7-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-3.7-4.5">SERVICE NAME</dt>
- <dd id="section-3.7-4.6">
+<dt id="section-3.7-4.5">SERVICE NAME</dt>
+<dd id="section-3.7-4.6">
a shared secret used to identify the service at the hosting peer,
used to derive the port number requird to connect to the service.
The service name MUST be a 0-terminated UTF-8 string.<a
href="#section-3.7-4.6" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
</section>
@@ -1680,7 +1762,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="publish">
<section id="section-4">
<h2 id="name-publishing-records">
-<a href="#section-4" class="section-number selfRef">4. </a><a
href="#name-publishing-records" class="section-name selfRef">Publishing
Records</a>
+<a href="#section-4" class="section-number selfRef">4. </a><a
href="#name-publishing-records" class="section-name selfRef">Publishing
Records</a>
</h2>
<p id="section-4-1">
GNS resource records are published in a distributed hash table (DHT).
@@ -1693,7 +1775,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="blinding">
<section id="section-4.1">
<h3 id="name-key-derivations">
-<a href="#section-4.1" class="section-number selfRef">4.1. </a><a
href="#name-key-derivations" class="section-name selfRef">Key Derivations</a>
+<a href="#section-4.1" class="section-number selfRef">4.1. </a><a
href="#name-key-derivations" class="section-name selfRef">Key Derivations</a>
</h3>
<p id="section-4.1-1">
Given a label, the DHT key "q" is derived as follows:<a
href="#section-4.1-1" class="pilcrow">¶</a></p>
@@ -1712,46 +1794,46 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
phase and HMAC-SHA256 for the expansion phase.<a
href="#section-4.1-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.1-4">
<dt id="section-4.1-4.1">PRK_h</dt>
- <dd id="section-4.1-4.2">
+<dd id="section-4.1-4.2">
is key material retrieved using an HKDF using the string
"key-derivation" as salt and the public zone key "zk" as initial
keying material.<a href="#section-4.1-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.3">h</dt>
- <dd id="section-4.1-4.4">
+<dt id="section-4.1-4.3">h</dt>
+<dd id="section-4.1-4.4">
is the 512-bit HKDF expansion result. The expansion info input is a
concatenation of the label and string "gns".<a
href="#section-4.1-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.5">d</dt>
- <dd id="section-4.1-4.6">
+<dt id="section-4.1-4.5">d</dt>
+<dd id="section-4.1-4.6">
is the 256-bit private zone key as defined in <a href="#zones"
class="xref">Section 2</a>.<a href="#section-4.1-4.6" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.7">label</dt>
- <dd id="section-4.1-4.8">
+<dt id="section-4.1-4.7">label</dt>
+<dd id="section-4.1-4.8">
is a UTF-8 string under which the resource records are published.<a
href="#section-4.1-4.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.9">d_h</dt>
- <dd id="section-4.1-4.10">
+<dt id="section-4.1-4.9">d_h</dt>
+<dd id="section-4.1-4.10">
is a 256-bit private key derived from the "d" using the
keying material "h".<a href="#section-4.1-4.10"
class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.11">zk_h</dt>
- <dd id="section-4.1-4.12">
+<dt id="section-4.1-4.11">zk_h</dt>
+<dd id="section-4.1-4.12">
is a 256-bit public key derived from the zone key "zk" using the
keying material "h".<a href="#section-4.1-4.12"
class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.13">L</dt>
- <dd id="section-4.1-4.14">
+<dt id="section-4.1-4.13">L</dt>
+<dd id="section-4.1-4.14">
is the prime-order subgroup as defined in <a href="#zones"
class="xref">Section 2</a>.<a href="#section-4.1-4.14" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.1-4.15">q</dt>
- <dd id="section-4.1-4.16">
+<dt id="section-4.1-4.15">q</dt>
+<dd id="section-4.1-4.16">
Is the 512-bit DHT key under which the resource records block is
published.
It is the SHA512 hash over the public key "zk_h" corresponding to
the
derived private key "d_h".<a href="#section-4.1-4.16"
class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-4.1-5">
We point out that the multiplication of "zk" with "h" is a point
multiplication,
while the multiplication of "d" with "h" is a scalar
multiplication.<a href="#section-4.1-5" class="pilcrow">¶</a></p>
@@ -1760,11 +1842,13 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="wire">
<section id="section-4.2">
<h3 id="name-resource-records-block">
-<a href="#section-4.2" class="section-number selfRef">4.2. </a><a
href="#name-resource-records-block" class="section-name selfRef">Resource
Records Block</a>
+<a href="#section-4.2" class="section-number selfRef">4.2. </a><a
href="#name-resource-records-block" class="section-name selfRef">Resource
Records Block</a>
</h3>
<p id="section-4.2-1">
GNS records are grouped by their labels and published as a single
- block in the DHT.
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See <a href="#rrecords" class="xref">Section
3</a>).
The contained resource records are encrypted using a symmetric
encryption scheme.
A GNS implementation must publish RRBLOCKs
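Review bot: The new sentence `Supplemental records must have the supplemental flag set` uses a lowercase `must` next to a capitalised `MAY`, which leaves it unclear whether flagging is a normative requirement; given the draft's RFC 2119 keyword usage it should read `Supplemental records MUST have the supplemental flag set (see Section 3)` if that is the intent. The text also does not say how a resolver treats a flagged record found in a retrieved block (for example whether it is ignored for the case analysis in Section 6.2), which is what makes the flag checkable. Separately, the final hunk of this diff removes the [RFC2119] entry from the normative references while these keywords remain in use; that hunk runs past this chunk, so a replacement entry may follow. The paragraph continues outside the hunk.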
@@ -1806,21 +1890,21 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<p id="section-4.2-3">where:<a href="#section-4.2-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.2-4">
<dt id="section-4.2-4.1">SIGNATURE</dt>
- <dd id="section-4.2-4.2">
+<dd id="section-4.2-4.2">
A 512-bit ECDSA deterministic signature compliant with
<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The
signature is computed over the data
following the PUBLIC KEY field.
The signature is created using the derived private key "d_h" (see
<a href="#publish" class="xref">Section 4</a>).<a
href="#section-4.2-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.3">PUBLIC KEY</dt>
- <dd id="section-4.2-4.4">
+<dt id="section-4.2-4.3">PUBLIC KEY</dt>
+<dd id="section-4.2-4.4">
is the 256-bit public key "zk_h" to be used to verify SIGNATURE. The
wire format of this value is defined in <span>[<a href="#RFC8032"
class="xref">RFC8032</a>]</span>,
Section 5.1.5.<a href="#section-4.2-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.5">SIZE</dt>
- <dd id="section-4.2-4.6">
+<dt id="section-4.2-4.5">SIZE</dt>
+<dd id="section-4.2-4.6">
A 32-bit value containing the length of the signed data following
the
PUBLIC KEY field in network byte order. This value always includes
the
length of the fields SIZE (4), PURPOSE (4) and EXPIRATION (8) in
@@ -1829,13 +1913,13 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
size significantly below 4 GB. However, a minimum block size of
62 kilobytes MUST be supported.<a href="#section-4.2-4.6"
class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.7">PURPOSE</dt>
- <dd id="section-4.2-4.8">
+<dt id="section-4.2-4.7">PURPOSE</dt>
+<dd id="section-4.2-4.8">
A 32-bit signature purpose flag. This field MUST be 15 (in network
byte order).<a href="#section-4.2-4.8" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.9">EXPIRATION</dt>
- <dd id="section-4.2-4.10">
+<dt id="section-4.2-4.9">EXPIRATION</dt>
+<dd id="section-4.2-4.10">
Specifies when the RRBLOCK expires and the encrypted block
SHOULD be removed from the DHT and caches as it is likely stale.
However, applications MAY continue to use non-expired individual
@@ -1848,17 +1932,17 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
This is a 64-bit absolute date in microseconds since midnight
(0 hour), January 1, 1970 in network byte order.<a
href="#section-4.2-4.10" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.2-4.11">BDATA</dt>
- <dd id="section-4.2-4.12">
+<dt id="section-4.2-4.11">BDATA</dt>
+<dd id="section-4.2-4.12">
The encrypted resource records with a total size of SIZE - 16.<a
href="#section-4.2-4.12" class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
</section>
</div>
<div id="recordencryption">
<section id="section-4.3">
<h3 id="name-record-data-encryption-and-">
-<a href="#section-4.3" class="section-number selfRef">4.3. </a><a
href="#name-record-data-encryption-and-" class="section-name selfRef">Record
Data Encryption and Decryption</a>
+<a href="#section-4.3" class="section-number selfRef">4.3. </a><a
href="#name-record-data-encryption-and-" class="section-name selfRef">Record
Data Encryption and Decryption</a>
</h3>
<p id="section-4.3-1">
A symmetric encryption scheme is used to encrypt the resource records
@@ -1898,20 +1982,20 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<p id="section-4.3-3">where:<a href="#section-4.3-3" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-4.3-4">
<dt id="section-4.3-4.1">RR COUNT</dt>
- <dd id="section-4.3-4.2">
+<dd id="section-4.3-4.2">
A 32-bit value containing the number of variable-length resource
records which are
following after this field in network byte order.<a
href="#section-4.3-4.2" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.3-4.3">EXPIRATION, DATA SIZE, TYPE, FLAGS and
DATA</dt>
- <dd id="section-4.3-4.4">
+<dt id="section-4.3-4.3">EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA</dt>
+<dd id="section-4.3-4.4">
These fields were defined
in the resource record format in <a href="#rrecords"
class="xref">Section 3</a>.
There MUST be a total of RR COUNT of these resource records
present.<a href="#section-4.3-4.4" class="pilcrow">¶</a>
</dd>
- <dt id="section-4.3-4.5">PADDING</dt>
- <dd id="section-4.3-4.6">
+<dt id="section-4.3-4.5">PADDING</dt>
+<dd id="section-4.3-4.6">
The padding MUST contain the value 0 in all octets.
The padding MUST ensure that the size of the RDATA WITHOUT the RR
COUNT field is a power of two.
@@ -1919,7 +2003,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
are never padded. Note that a record set with a PKEY record MUST NOT
contain other records.<a href="#section-4.3-4.6"
class="pilcrow">¶</a>
</dd>
- </dl>
+</dl>
<p id="section-4.3-5">
The symmetric keys and initialization vectors are derived from the
record label and the zone key "zk". For decryption of the resource
@@ -1998,7 +2082,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="encoding">
<section id="section-5">
<h2 id="name-internationalization-and-ch">
-<a href="#section-5" class="section-number selfRef">5. </a><a
href="#name-internationalization-and-ch" class="section-name
selfRef">Internationalization and Character Encoding</a>
+<a href="#section-5" class="section-number selfRef">5. </a><a
href="#name-internationalization-and-ch" class="section-name
selfRef">Internationalization and Character Encoding</a>
</h2>
<p id="section-5-1">
All labels in GNS are encoded in UTF-8 <span>[<a href="#RFC3629"
class="xref">RFC3629</a>]</span>.
@@ -2010,7 +2094,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="resolution">
<section id="section-6">
<h2 id="name-name-resolution">
-<a href="#section-6" class="section-number selfRef">6. </a><a
href="#name-name-resolution" class="section-name selfRef">Name Resolution</a>
+<a href="#section-6" class="section-number selfRef">6. </a><a
href="#name-name-resolution" class="section-name selfRef">Name Resolution</a>
</h2>
<p id="section-6-1">
Names in GNS are resolved by recursively querying the DHT record
storage.
@@ -2034,7 +2118,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="recursion">
<section id="section-6.1">
<h3 id="name-recursion">
-<a href="#section-6.1" class="section-number selfRef">6.1. </a><a
href="#name-recursion" class="section-name selfRef">Recursion</a>
+<a href="#section-6.1" class="section-number selfRef">6.1. </a><a
href="#name-recursion" class="section-name selfRef">Recursion</a>
</h3>
<p id="section-6.1-1">
In each step of the recursive name resolution, there is an
@@ -2046,15 +2130,15 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<ol start="1" type="1" class="normal" id="section-6.1-3">
<li id="section-6.1-3.1">Extract the right-most label from the name
to look up.<a href="#section-6.1-3.1" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.2">Calculate q using the label and zk as
defined in
+<li id="section-6.1-3.2">Calculate q using the label and zk as defined in
<a href="#blinding" class="xref">Section 4.1</a>.<a
href="#section-6.1-3.2" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.3">Perform a DHT query GET(q) to retrieve the
RRBLOCK.<a href="#section-6.1-3.3" class="pilcrow">¶</a>
+<li id="section-6.1-3.3">Perform a DHT query GET(q) to retrieve the RRBLOCK.<a
href="#section-6.1-3.3" class="pilcrow">¶</a>
</li>
- <li id="section-6.1-3.4">Verify and process the RRBLOCK and decrypt
the BDATA contained
+<li id="section-6.1-3.4">Verify and process the RRBLOCK and decrypt the BDATA
contained
in it as defined in <a href="#recordencryption"
class="xref">Section 4.3</a>.<a href="#section-6.1-3.4" class="pilcrow">¶</a>
</li>
- </ol>
+</ol>
<p id="section-6.1-4">
Upon receiving the RRBLOCK from the DHT, apart from verifying the
provided signature, the resolver MUST check that the authoritative
@@ -2067,7 +2151,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="record_processing">
<section id="section-6.2">
<h3 id="name-record-processing">
-<a href="#section-6.2" class="section-number selfRef">6.2. </a><a
href="#name-record-processing" class="section-name selfRef">Record
Processing</a>
+<a href="#section-6.2" class="section-number selfRef">6.2. </a><a
href="#name-record-processing" class="section-name selfRef">Record
Processing</a>
</h3>
<p id="section-6.2-1">
Record processing occurs at the end of a single recursion. We assume
@@ -2081,26 +2165,23 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
does not consist of a PKEY, CNAME or DNS2GNS record, the record set
is the result and the recursion is concluded.<a
href="#section-6.2-2.1" class="pilcrow">¶</a>
</li>
- <li id="section-6.2-2.2">
+<li id="section-6.2-2.2">
Case 2:
If the name to be resolved is of the format
"_SERVICE._PROTO" and the record set contains one or more matching BOX
records, the records in the BOX records are the result and the recusion
is concluded (<a href="#box_processing" class="xref">Section
6.2.4</a>).<a href="#section-6.2-2.2" class="pilcrow">¶</a>
</li>
- <li id="section-6.2-2.3">
+<li id="section-6.2-2.3">
Case 3:
If the remainder of the name to resolve is not empty and
does not match the "_SERVICE._PROTO" syntax, then the current record set
- MUST consist of a single PKEY record
- (<a href="#pkey_processing" class="xref">Section 6.2.1</a>),
- a single CNAME record
- (<a href="#cname_processing" class="xref">Section 6.2.3</a>),
- or one or more GNS2DNS records
- (<a href="#gns2dns_processing" class="xref">Section 6.2.2</a>),
- which are processed
- as described in the respective sections below.
- Otherwise, resolution fails
+ MUST consist of a single PKEY record (<a href="#pkey_processing"
class="xref">Section 6.2.1</a>),
+ a single CNAME record (<a href="#cname_processing"
class="xref">Section 6.2.3</a>),
+ or one or more GNS2DNS records (<a href="#gns2dns_processing"
class="xref">Section 6.2.2</a>),
+ which are processed as described in the respective sections below.
+ The record set may include any number of supplemental records.
+ Otherwise, resolution fails
and the resolver MUST return an empty record set.
Finally, after the recursion terminates, the client preferences
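Review bot: The added sentence `The record set may include any number of supplemental records.` appears to conflict with the Section 4.3 rule shown as context earlier in this diff, `a record set with a PKEY record MUST NOT contain other records`, unless that rule is meant to exempt flagged supplemental records; one of the two should be adjusted, e.g. `... MUST NOT contain other records, except supplemental records`. The insertion also separates `Otherwise, resolution fails` from the condition it refers to, so the supplemental-record sentence reads better after the `Otherwise` clause or as a parenthetical on the `MUST consist of` sentence. `may` should presumably be `MAY`, matching the surrounding RFC 2119 keywords. The list item continues outside the hunk.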
@@ -2109,11 +2190,11 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
SHOULD be converted (<a href="#vpn_processing" class="xref">Section
6.2.5</a>)
if possible.<a href="#section-6.2-2.3" class="pilcrow">¶</a>
</li>
- </ol>
+</ol>
<div id="pkey_processing">
<section id="section-6.2.1">
<h4 id="name-pkey-2">
-<a href="#section-6.2.1" class="section-number selfRef">6.2.1. </a><a
href="#name-pkey-2" class="section-name selfRef">PKEY</a>
+<a href="#section-6.2.1" class="section-number selfRef">6.2.1. </a><a
href="#name-pkey-2" class="section-name selfRef">PKEY</a>
</h4>
<p id="section-6.2.1-1">
When the resolver encounters a PKEY record and the remainder of
@@ -2133,7 +2214,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="gns2dns_processing">
<section id="section-6.2.2">
<h4 id="name-gns2dns-2">
-<a href="#section-6.2.2" class="section-number selfRef">6.2.2. </a><a
href="#name-gns2dns-2" class="section-name selfRef">GNS2DNS</a>
+<a href="#section-6.2.2" class="section-number selfRef">6.2.2. </a><a
href="#name-gns2dns-2" class="section-name selfRef">GNS2DNS</a>
</h4>
<p id="section-6.2.2-1">
When a resolver encounters one or more GNS2DNS records and the
remaining name
@@ -2184,7 +2265,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="cname_processing">
<section id="section-6.2.3">
<h4 id="name-cname">
-<a href="#section-6.2.3" class="section-number selfRef">6.2.3. </a><a
href="#name-cname" class="section-name selfRef">CNAME</a>
+<a href="#section-6.2.3" class="section-number selfRef">6.2.3. </a><a
href="#name-cname" class="section-name selfRef">CNAME</a>
</h4>
<p id="section-6.2.3-1">
If a CNAME record is encountered, the canonical name is
@@ -2209,7 +2290,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="box_processing">
<section id="section-6.2.4">
<h4 id="name-box-2">
-<a href="#section-6.2.4" class="section-number selfRef">6.2.4. </a><a
href="#name-box-2" class="section-name selfRef">BOX</a>
+<a href="#section-6.2.4" class="section-number selfRef">6.2.4. </a><a
href="#name-box-2" class="section-name selfRef">BOX</a>
</h4>
<p id="section-6.2.4-1">
When a BOX record is received, a GNS resolver must unbox it if the
@@ -2223,7 +2304,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="vpn_processing">
<section id="section-6.2.5">
<h4 id="name-vpn-2">
-<a href="#section-6.2.5" class="section-number selfRef">6.2.5. </a><a
href="#name-vpn-2" class="section-name selfRef">VPN</a>
+<a href="#section-6.2.5" class="section-number selfRef">6.2.5. </a><a
href="#name-vpn-2" class="section-name selfRef">VPN</a>
</h4>
<p id="section-6.2.5-1">
At the end of the recursion,
@@ -2243,7 +2324,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="revocation">
<section id="section-7">
<h2 id="name-zone-revocation">
-<a href="#section-7" class="section-number selfRef">7. </a><a
href="#name-zone-revocation" class="section-name selfRef">Zone Revocation</a>
+<a href="#section-7" class="section-number selfRef">7. </a><a
href="#name-zone-revocation" class="section-name selfRef">Zone Revocation</a>
</h2>
<p id="section-7-1">
Whenever a recursive resolver encounters a new GNS zone, it MUST
@@ -2310,7 +2391,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="governance">
<section id="section-8">
<h2 id="name-determining-the-root-zone-a">
-<a href="#section-8" class="section-number selfRef">8. </a><a
href="#name-determining-the-root-zone-a" class="section-name
selfRef">Determining the Root Zone and Zone Governance</a>
+<a href="#section-8" class="section-number selfRef">8. </a><a
href="#name-determining-the-root-zone-a" class="section-name
selfRef">Determining the Root Zone and Zone Governance</a>
</h2>
<p id="section-8-1">
The resolution of a GNS name must start in a given start zone
@@ -2395,7 +2476,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="security">
<section id="section-9">
<h2 id="name-security-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a
href="#name-security-considerations" class="section-name selfRef">Security
Considerations</a>
+<a href="#section-9" class="section-number selfRef">9. </a><a
href="#name-security-considerations" class="section-name selfRef">Security
Considerations</a>
</h2>
<p id="section-9-1">
TODO<a href="#section-9-1" class="pilcrow">¶</a></p>
@@ -2404,7 +2485,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div id="iana">
<section id="section-10">
<h2 id="name-iana-considerations">
-<a href="#section-10" class="section-number selfRef">10. </a><a
href="#name-iana-considerations" class="section-name selfRef">IANA
Considerations</a>
+<a href="#section-10" class="section-number selfRef">10. </a><a
href="#name-iana-considerations" class="section-name selfRef">IANA
Considerations</a>
</h2>
<p id="section-10-1">
This will be fun<a href="#section-10-1" class="pilcrow">¶</a></p>
@@ -2412,7 +2493,7 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
</div>
<section id="section-11">
<h2 id="name-test-vectors">
-<a href="#section-11" class="section-number selfRef">11. </a><a
href="#name-test-vectors" class="section-name selfRef">Test Vectors</a>
+<a href="#section-11" class="section-number selfRef">11. </a><a
href="#name-test-vectors" class="section-name selfRef">Test Vectors</a>
</h2>
<p id="section-11-1">
The following represents a test vector for a record of type MX with
@@ -2520,56 +2601,54 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
</section>
<section id="section-12">
<h2 id="name-normative-references">
-<a href="#section-12" class="section-number selfRef">12. </a><a
href="#name-normative-references" class="section-name selfRef">Normative
References</a>
+<a href="#section-12" class="section-number selfRef">12. </a><a
href="#name-normative-references" class="section-name selfRef">Normative
References</a>
</h2>
<dl class="references">
<dt id="RFC1034">[RFC1034]</dt>
- <dd>
+<dd>
<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain
names - concepts and facilities"</span>, <span class="seriesInfo">STD
13</span>, <span class="seriesInfo">RFC 1034</span>, <span
class="seriesInfo">DOI 10.17487/RFC1034</span>, <time
datetime="1987-11">November 1987</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc1034">https://www.rfc-editor.org/info/rfc1034</a>></span>.
</dd>
<dt id="RFC1035">[RFC1035]</dt>
- <dd>
+<dd>
<span class="refAuthor">Mockapetris, P.</span>, <span class="refTitle">"Domain
names - implementation and specification"</span>, <span class="seriesInfo">STD
13</span>, <span class="seriesInfo">RFC 1035</span>, <span
class="seriesInfo">DOI 10.17487/RFC1035</span>, <time
datetime="1987-11">November 1987</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc1035">https://www.rfc-editor.org/info/rfc1035</a>></span>.
</dd>
-<dt id="RFC2119">[RFC2119]</dt>
- <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words
for use in RFCs to Indicate Requirement Levels"</span>, <span
class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>,
<span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time
datetime="1997-03">March 1997</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>></span>.
</dd>
<dt id="RFC2782">[RFC2782]</dt>
- <dd>
+<dd>
<span class="refAuthor">Gulbrandsen, A.</span><span class="refAuthor">, Vixie,
P.</span><span class="refAuthor">, and L. Esibov</span>, <span
class="refTitle">"A DNS RR for specifying the location of services (DNS
SRV)"</span>, <span class="seriesInfo">RFC 2782</span>, <span
class="seriesInfo">DOI 10.17487/RFC2782</span>, <time
datetime="2000-02">February 2000</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc2782">https://www.rfc-editor.org/info/rfc2782</a>></span>.
</dd>
+<dt id="RFC2119">[RFC2119]</dt>
+<dd>
+<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words
for use in RFCs to Indicate Requirement Levels"</span>, <span
class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>,
<span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time
datetime="1997-03">March 1997</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>></span>.
</dd>
<dt id="RFC3629">[RFC3629]</dt>
- <dd>
+<dd>
<span class="refAuthor">Yergeau, F.</span>, <span class="refTitle">"UTF-8, a
transformation format of ISO 10646"</span>, <span class="seriesInfo">STD
63</span>, <span class="seriesInfo">RFC 3629</span>, <span
class="seriesInfo">DOI 10.17487/RFC3629</span>, <time
datetime="2003-11">November 2003</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc3629">https://www.rfc-editor.org/info/rfc3629</a>></span>.
</dd>
<dt id="RFC3826">[RFC3826]</dt>
- <dd>
+<dd>
<span class="refAuthor">Blumenthal, U.</span><span class="refAuthor">, Maino,
F.</span><span class="refAuthor">, and K. McCloghrie</span>, <span
class="refTitle">"The Advanced Encryption Standard (AES) Cipher Algorithm in
the SNMP User-based Security Model"</span>, <span class="seriesInfo">RFC
3826</span>, <span class="seriesInfo">DOI 10.17487/RFC3826</span>, <time
datetime="2004-06">June 2004</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc3826">https://www.rfc-editor.org/ [...]
<dt id="RFC5869">[RFC5869]</dt>
- <dd>
+<dd>
<span class="refAuthor">Krawczyk, H.</span><span class="refAuthor"> and P.
Eronen</span>, <span class="refTitle">"HMAC-based Extract-and-Expand Key
Derivation Function (HKDF)"</span>, <span class="seriesInfo">RFC 5869</span>,
<span class="seriesInfo">DOI 10.17487/RFC5869</span>, <time
datetime="2010-05">May 2010</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc5869">https://www.rfc-editor.org/info/rfc5869</a>></span>.
</dd>
<dt id="RFC5890">[RFC5890]</dt>
- <dd>
+<dd>
<span class="refAuthor">Klensin, J.</span>, <span
class="refTitle">"Internationalized Domain Names for Applications (IDNA):
Definitions and Document Framework"</span>, <span class="seriesInfo">RFC
5890</span>, <span class="seriesInfo">DOI 10.17487/RFC5890</span>, <time
datetime="2010-08">August 2010</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc5890">https://www.rfc-editor.org/info/rfc5890</a>></span>.
</dd>
<dt id="RFC5891">[RFC5891]</dt>
- <dd>
+<dd>
<span class="refAuthor">Klensin, J.</span>, <span
class="refTitle">"Internationalized Domain Names in Applications (IDNA):
Protocol"</span>, <span class="seriesInfo">RFC 5891</span>, <span
class="seriesInfo">DOI 10.17487/RFC5891</span>, <time datetime="2010-08">August
2010</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc5891">https://www.rfc-editor.org/info/rfc5891</a>></span>.
</dd>
<dt id="RFC6895">[RFC6895]</dt>
- <dd>
+<dd>
<span class="refAuthor">Eastlake 3rd, D.</span>, <span
class="refTitle">"Domain Name System (DNS) IANA Considerations"</span>, <span
class="seriesInfo">BCP 42</span>, <span class="seriesInfo">RFC 6895</span>,
<span class="seriesInfo">DOI 10.17487/RFC6895</span>, <time
datetime="2013-04">April 2013</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc6895">https://www.rfc-editor.org/info/rfc6895</a>></span>.
</dd>
<dt id="RFC6979">[RFC6979]</dt>
- <dd>
+<dd>
<span class="refAuthor">Pornin, T.</span>, <span
class="refTitle">"Deterministic Usage of the Digital Signature Algorithm (DSA)
and Elliptic Curve Digital Signature Algorithm (ECDSA)"</span>, <span
class="seriesInfo">RFC 6979</span>, <span class="seriesInfo">DOI
10.17487/RFC6979</span>, <time datetime="2013-08">August 2013</time>,
<span><<a
href="https://www.rfc-editor.org/info/rfc6979">https://www.rfc-editor.org/info/rfc6979</a>></span>.
</dd>
<dt id="RFC7748">[RFC7748]</dt>
- <dd>
+<dd>
<span class="refAuthor">Langley, A.</span><span class="refAuthor">, Hamburg,
M.</span><span class="refAuthor">, and S. Turner</span>, <span
class="refTitle">"Elliptic Curves for Security"</span>, <span
class="seriesInfo">RFC 7748</span>, <span class="seriesInfo">DOI
10.17487/RFC7748</span>, <time datetime="2016-01">January 2016</time>,
<span><<a
href="https://www.rfc-editor.org/info/rfc7748">https://www.rfc-editor.org/info/rfc7748</a>></span>.
</dd>
-<dt id="RFC7914">[RFC7914]</dt>
- <dd>
-<span class="refAuthor">Percival, C.</span><span class="refAuthor"> and S.
Josefsson</span>, <span class="refTitle">"The scrypt Password-Based Key
Derivation Function"</span>, <span class="seriesInfo">RFC 7914</span>, <span
class="seriesInfo">DOI 10.17487/RFC7914</span>, <time datetime="2016-08">August
2016</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc7914">https://www.rfc-editor.org/info/rfc7914</a>></span>.
</dd>
<dt id="RFC8032">[RFC8032]</dt>
- <dd>
+<dd>
<span class="refAuthor">Josefsson, S.</span><span class="refAuthor"> and I.
Liusvaara</span>, <span class="refTitle">"Edwards-Curve Digital Signature
Algorithm (EdDSA)"</span>, <span class="seriesInfo">RFC 8032</span>, <span
class="seriesInfo">DOI 10.17487/RFC8032</span>, <time
datetime="2017-01">January 2017</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc8032">https://www.rfc-editor.org/info/rfc8032</a>></span>.
</dd>
<dt id="TWOFISH">[TWOFISH]</dt>
- <dd>
-<span class="refAuthor">Schneier, B.</span>, <span class="refTitle">"
- The Twofish Encryptions Algorithm: A 128-Bit Block Cipher, 1st
Edition
- "</span>, <time datetime="1999-03">March 1999</time>. </dd>
+<dd>
+<span class="refAuthor">Schneier, B.</span>, <span class="refTitle">"The
Twofish Encryptions Algorithm: A 128-Bit Block Cipher, 1st Edition"</span>,
<time datetime="1999-03">March 1999</time>. </dd>
+<dt id="RFC7914">[RFC7914]</dt>
+<dd>
+<span class="refAuthor">Percival, C.</span><span class="refAuthor"> and S.
Josefsson</span>, <span class="refTitle">"The scrypt Password-Based Key
Derivation Function"</span>, <span class="seriesInfo">RFC 7914</span>, <span
class="seriesInfo">DOI 10.17487/RFC7914</span>, <time datetime="2016-08">August
2016</time>, <span><<a
href="https://www.rfc-editor.org/info/rfc7914">https://www.rfc-editor.org/info/rfc7914</a>></span>.
</dd>
</dl>
</section>
<div id="authors-addresses">
@@ -2594,7 +2673,8 @@ async function addMetadata(){try{const
e=document.styleSheets[0].cssRules;for(le
<div dir="auto" class="left"><span class="fn nameRole">Christian
Grothoff</span></div>
<div dir="auto" class="left"><span class="org">Berner
Fachhochschule</span></div>
<div dir="auto" class="left"><span class="street-address">Hoeheweg
80</span></div>
-<div dir="auto" class="left">CH-<span class="postal-code">2501</span> <span
class="locality">Biel/Bienne</span>
+<div dir="auto" class="left">
+<span class="postal-code">2501</span> <span class="locality">Biel/Bienne</span>
</div>
<div dir="auto" class="left"><span
class="country-name">Switzerland</span></div>
<div class="email">
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index 1647f06..221dbc6 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -63,7 +63,7 @@ Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Resource Records . . . . . . . . . . . . . . . . . . . . . . 4
- 3.1. Record Types . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.1. Record Types . . . . . . . . . . . . . . . . . . . . . . 6
3.2. PKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.3. GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.4. LEHO . . . . . . . . . . . . . . . . . . . . . . . . . . 7
@@ -238,7 +238,7 @@ Internet-Draft The GNU Name System
November 2019
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
Figure 2
@@ -258,19 +258,19 @@ Internet-Draft The GNU Name System
November 2019
from the DHT, but might be present when a resolver looks up
private records of a zone hosted locally.
+ SUPPL This is supplemental record. It is provided in addition to
+ the other records. This flag indicates that this record is not
+ explicitly managed alongside the other records under the
+ respective name but may be useful for the application. This flag
+ should only be encountered by a resolver for records obtained from
+ the DHT.
+
PRIVATE This is a private record of this peer and it should thus not
be published in the DHT. Thus, this flag should never be
encountered by a resolver for records obtained from the DHT.
Private records should still be considered just like regular
records when resolving labels in local zones.
-3.1. Record Types
-
- GNS-specific record type numbers start at 2^16, i.e. after the record
- type numbers for DNS. The following is a list of defined and
- reserved record types in GNS:
-
-
@@ -282,6 +282,12 @@ Schanzenbach, et al. Expires 13 May 2020
[Page 5]
Internet-Draft The GNU Name System November 2019
+3.1. Record Types
+
+ GNS-specific record type numbers start at 2^16, i.e. after the record
+ type numbers for DNS. The following is a list of defined and
+ reserved record types in GNS:
+
Number | Type | Comment
------------------------------------------------------------
65536 | PKEY | GNS delegation
@@ -327,12 +333,6 @@ Internet-Draft The GNU Name System
November 2019
-
-
-
-
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 6]
Internet-Draft The GNU Name System November 2019
@@ -405,8 +405,8 @@ Internet-Draft The GNU Name System
November 2019
is a suggestion to other zones what label to use when creating a PKEY
Section 3.2 record containing this zone's public zone key. This
record SHOULD only be stored under the empty label "@" but MAY be
- returned with record sets under any label. A NICK DATA entry has the
- following format:
+ returned with record sets under any label as a supplemental record.
+ A NICK DATA entry has the following format:
0 8 16 24 32 40 48 56
+-----+-----+-----+-----+-----+-----+-----+-----+
@@ -581,14 +581,14 @@ Internet-Draft The GNU Name System
November 2019
4.2. Resource Records Block
GNS records are grouped by their labels and published as a single
- block in the DHT. The contained resource records are encrypted using
- a symmetric encryption scheme. A GNS implementation must publish
- RRBLOCKs in accordance to the properties and recommendations of the
- underlying DHT. This may include a periodic refresh publication. A
- GNS RRBLOCK has the following format:
-
-
-
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See Section 3). The contained resource
+ records are encrypted using a symmetric encryption scheme. A GNS
+ implementation must publish RRBLOCKs in accordance to the properties
+ and recommendations of the underlying DHT. This may include a
+ periodic refresh publication. A GNS RRBLOCK has the following
+ format:
@@ -734,9 +734,9 @@ Internet-Draft The GNU Name System
November 2019
resource records which are following after this field in network
byte order.
- EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA These fields were defined in
- the resource record format in Section 3. There MUST be a total of
- RR COUNT of these resource records present.
+ EXPIRATION, DATA SIZE, TYPE, FLAGS and DATA These fields were
+ defined in the resource record format in Section 3. There MUST be
+ a total of RR COUNT of these resource records present.
PADDING The padding MUST contain the value 0 in all octets. The
padding MUST ensure that the size of the RDATA WITHOUT the RR
@@ -887,9 +887,9 @@ Internet-Draft The GNU Name System
November 2019
record set MUST consist of a single PKEY record (Section 6.2.1),
a single CNAME record (Section 6.2.3), or one or more GNS2DNS
records (Section 6.2.2), which are processed as described in the
- respective sections below. Otherwise, resolution fails and the
+ respective sections below. The record set may include any number
+ of supplemental records. Otherwise, resolution fails and the
resolver MUST return an empty record set. Finally, after the
- recursion terminates, the client preferences for the record type
@@ -898,6 +898,7 @@ Schanzenbach, et al. Expires 13 May 2020
[Page 16]
Internet-Draft The GNU Name System November 2019
+ recursion terminates, the client preferences for the record type
SHOULD be considered. If a VPN record is found and the client
requests an A or AAAA record, the VPN record SHOULD be converted
(Section 6.2.5) if possible.
@@ -944,8 +945,7 @@ Internet-Draft The GNU Name System
November 2019
the GNS resolver MUST support recursive resolution and MUST NOT
delegate this to the authoritative DNS servers. The first successful
recursive name resolution result is returned to the client. In
- addition, the resolver returns the queried DNS name as a LEHO record
- (Section 3.4) with a relative expiration time of one hour.
+
@@ -954,6 +954,9 @@ Schanzenbach, et al. Expires 13 May 2020
[Page 17]
Internet-Draft The GNU Name System November 2019
+ addition, the resolver returns the queried DNS name as a LEHO record
+ (Section 3.4) with a relative expiration time of one hour.
+
GNS resolvers SHOULD offer a configuration option to disable DNS
processing to avoid information leakage and provide a consistent
security profile for all name resolutions. Such resolvers would
@@ -1002,9 +1005,6 @@ Internet-Draft The GNU Name System
November 2019
-
-
-
Schanzenbach, et al. Expires 13 May 2020 [Page 18]
Internet-Draft The GNU Name System November 2019
@@ -1294,16 +1294,16 @@ Internet-Draft The GNU Name System
November 2019
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>.
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119,
- DOI 10.17487/RFC2119, March 1997,
- <https://www.rfc-editor.org/info/rfc2119>.
-
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
DOI 10.17487/RFC2782, February 2000,
<https://www.rfc-editor.org/info/rfc2782>.
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <https://www.rfc-editor.org/info/rfc3629>.
@@ -1350,10 +1350,6 @@ Internet-Draft The GNU Name System
November 2019
for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>.
- [RFC7914] Percival, C. and S. Josefsson, "The scrypt Password-Based
- Key Derivation Function", RFC 7914, DOI 10.17487/RFC7914,
- August 2016, <https://www.rfc-editor.org/info/rfc7914>.
-
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017,
@@ -1362,6 +1358,10 @@ Internet-Draft The GNU Name System
November 2019
[TWOFISH] Schneier, B., "The Twofish Encryptions Algorithm: A
128-Bit Block Cipher, 1st Edition", March 1999.
+ [RFC7914] Percival, C. and S. Josefsson, "The scrypt Password-Based
+ Key Derivation Function", RFC 7914, DOI 10.17487/RFC7914,
+ August 2016, <https://www.rfc-editor.org/info/rfc7914>.
+
Authors' Addresses
Martin Schanzenbach
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 3a27817..9d5a23c 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -239,7 +239,7 @@
<artwork name="" type="" align="left" alt=""><![CDATA[
... 5 4 3 2 1 0
------+--------+--------+--------+--------+--------+
- / ... | SHADOW | EXPREL | / | PRIVATE| / |
+ / ... | SHADOW | EXPREL | SUPPL | PRIVATE| / |
------+--------+--------+--------+--------+--------+
]]></artwork>
<!-- <postamble>which is a very simple example.</postamble>-->
@@ -263,6 +263,16 @@
for records obtained from the DHT, but might be present when a
resolver looks up
private records of a zone hosted locally.
</dd>
+ <dt>
+ SUPPL
+ </dt>
+ <dd>
+ This is supplemental record. It is provided in addition to the
+ other records. This flag indicates that this record is not explicitly
+ managed alongside the other records under the respective name but
+ may be useful for the application. This flag should only be
encountered
+ by a resolver for records obtained from the DHT.
+ </dd>
<dt>PRIVATE</dt>
<dd>
This is a private record of this peer and it should thus not be
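Review bot: The new SUPPL definition says the record "is provided in addition to the other records" but never says how a resolver treats such a record, so the Case 3 text later in this file ("The record set may include any number of supplemental records") leaves open whether a SUPPL-flagged PKEY, CNAME or GNS2DNS record counts toward the "single PKEY record" / "one or more GNS2DNS records" requirement; a resolver that counts it could have its delegation decision influenced by a record the zone owner only meant as auxiliary data. If the intent is that supplemental records never influence resolution, say so here, e.g. `A resolver MUST NOT use a record with the SUPPL flag set when determining how to continue resolution; such records are only passed on to the application.` — adjust if that is not the intended behaviour. The same paragraph also needs the article ("This is a supplemental record") and, since the document cites RFC 2119, the lowercase "should only be encountered" should either become `SHOULD` or be reworded as a plain non-normative statement.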
@@ -404,13 +414,14 @@
</section>
<section anchor="gnsrecords_nick" numbered="true" toc="default">
<name>NICK</name>
- <t>Nickname records can be used by zone administrators to publish an
+ <t>
+ Nickname records can be used by zone administrators to publish an
indication on what label this zone prefers to be referred to.
This is a suggestion to other zones what label to use when creating a
PKEY <xref target="gnsrecords_pkey" /> record containing this zone's
public zone key.
- This record SHOULD only be stored under the empty label "@" but
- MAY be returned with record sets under any label.
+ This record SHOULD only be stored under the empty label "@" but MAY be
+ returned with record sets under any label as a supplemental record.
A NICK DATA entry has the following format:
</t>
<figure anchor="figure_nickrecord">
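Review bot: The rewritten sentence `MAY be returned with record sets under any label as a supplemental record.` does not say whether the SUPPL flag is then mandatory on that NICK record, while the Resource Records Block section in this same commit requires the flag on every supplemental record. Making the link explicit avoids publishers emitting an unflagged NICK record under a non-empty label and resolvers having to guess: `MAY be returned with record sets under any label, in which case it MUST have the SUPPL flag set.` The `<t>` paragraph opens in this hunk; the remainder of the NICK section continues outside it.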
@@ -614,7 +625,9 @@
<name>Resource Records Block</name>
<t>
GNS records are grouped by their labels and published as a single
- block in the DHT.
+ block in the DHT. The grouped record sets MAY be paired with any
+ number of supplemental records. Supplemental records must have the
+ supplemental flag set (See <xref target="rrecords"/>).
The contained resource records are encrypted using a symmetric
encryption scheme.
A GNS implementation must publish RRBLOCKs
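Review bot: The added sentence `Supplemental records must have the supplemental flag set (See <xref target="rrecords"/>).` mixes a lowercase "must" with the RFC 2119 `MAY` of the preceding sentence and names the flag by a description rather than its defined label, so its normative strength is unclear to an implementer. Suggest `Supplemental records MUST have the SUPPL flag set (see <xref target="rrecords"/>).` The surrounding `<t>` paragraph continues past the end of the hunk.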
@@ -923,15 +936,12 @@
Case 3:
If the remainder of the name to resolve is not empty and
does not match the "_SERVICE._PROTO" syntax, then the current record set
- MUST consist of a single PKEY record
- (<xref target="pkey_processing" />),
- a single CNAME record
- (<xref target="cname_processing" />),
- or one or more GNS2DNS records
- (<xref target="gns2dns_processing" />),
- which are processed
- as described in the respective sections below.
- Otherwise, resolution fails
+ MUST consist of a single PKEY record (<xref
target="pkey_processing" />),
+ a single CNAME record (<xref target="cname_processing" />),
+ or one or more GNS2DNS records (<xref target="gns2dns_processing"
/>),
+ which are processed as described in the respective sections below.
+ The record set may include any number of supplemental records.
+ Otherwise, resolution fails
and the resolver MUST return an empty record set.
Finally, after the recursion terminates, the client preferences