[lsd0001] branch master updated: update
From: gnunet
Subject: [lsd0001] branch master updated: update
Date: Mon, 20 Dec 2021 14:52:56 +0100
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 264aa47 update
264aa47 is described below
commit 264aa47c0e198c7cc5e69c1711bdfd09db22ffaf
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Mon Dec 20 14:52:52 2021 +0100
update
---
draft-schanzen-gns.xml | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 6210c94..8e165cd 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -378,8 +378,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
A GNS implementor MUST provide a mechanism to create and manage resource
records for local zones. A local zone is established by selecting a
zone type and creating a zone
- key pair. Implementations SHOULD select a secure zone type automatically
- and not leave the zone type selection to the user.
+ key pair.
Records may be added to each zone, hence a (local) persistency
mechanism for resource records and zones must be provided.
This local zone database is used by the GNS resolver implementation
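Review bot: Removing the sentence after "key pair." leaves this paragraph with no guidance on zone type selection: nothing now says who chooses the zone type or that the choice should be a secure one. If the automatic-selection SHOULD is dropped on purpose, point to where zone type selection is specified instead. Separately, the unchanged context line "mechanism for resource records and zones must be provided" uses a lowercase "must" next to the normative "MUST provide" at the top of the paragraph; make it MUST or rephrase it so it is clearly not a requirement keyword.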
@@ -1390,7 +1389,7 @@ q := SHA512 (HDKD-Public(zk, label))
<t>
In the following, we give examples how a local client resolver SHOULD
discover the start zone. The process given is not exhaustive and
- clients MAY suppliement it with other mechanisms or ignore it if the
+ clients MAY supplement it with other mechanisms or ignore it if the
particular application requires a different process.
</t>
<t>
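Review bot: The first context line of this hunk, "we give examples how a local client resolver SHOULD discover", needs "examples of how"; since the hunk already fixes "suppliement" in the same paragraph, fix this as well. Pairing "examples" with a normative SHOULD is also ambiguous: the sentence should say whether the process is illustrative or recommended.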
@@ -1411,8 +1410,7 @@ Example name: www.example.<zTLD>
but users MAY choose to use longer names consisting of
multiple labels.
If the name of a locally managed zone matches the suffix
- of the name to be resolved,
- resolution SHOULD start from the respective local zone:
+ of the name to be resolved, resolution MUST start from the respective
local zone:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
Example name: www.example.org
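Review bot: The new "resolution MUST start from the respective local zone:" conflicts with the paragraph touched by the hunk at line 1390 of this patch, which still says clients "MAY supplement it with other mechanisms or ignore it". A client cannot be free to ignore the start zone process and also be required to start from the local zone. Either narrow the MAY so it does not cover the local zone step, or state that this MUST binds only clients that implement the process.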
@@ -1426,11 +1424,11 @@ com = (d2,zk2)
]]></artwork>
<t>
Finally, additional "suffix to zone" mappings MAY be configured.
- Suffix to zone key mappings SHOULD be configurable through a local
+ Suffix to zone key mappings MUST be configurable through a local
configuration file or database by the user or system administrator.
The suffix MAY consist of multiple GNS labels concatenated with a
".". If multiple suffixes match the name to resolve, the longest
- matching suffix MUST BE used. The suffix length of two results
+ matching suffix MUST be used. The suffix length of two results
cannot be equal, as this would indicate a misconfiguration.
If both a locally managed zone and a configuration entry exist
for the same suffix, the locally managed zone MUST have priority.
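Review bot: With the mapping mechanism raised to MUST, the unchanged sentence "The suffix length of two results cannot be equal, as this would indicate a misconfiguration." needs defined behaviour rather than an assertion. Two matching suffixes of equal length can only be the same suffix configured twice, so say what an implementation does with a duplicate entry (for example reject the configuration, or fail resolution) instead of "cannot". These mappings select the zone key resolution starts from, so leaving the duplicate case to the implementation means two resolvers with the same configuration may pick different keys.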
@@ -1510,10 +1508,8 @@ example.com = zk2
and the resolver MUST return an empty record set.
Finally, after the recursion terminates, the client preferences
- for the record type SHOULD be considered. If a VPN record is found
- and the client requests an A or AAAA record, the VPN record
- SHOULD be converted (<xref target="vpn_processing" />)
- if possible.
+ for the record type MUST be considered and possible conversions such as
+ defined in <xref target="vpn_processing" /> MUST be performed.
</li>
</ol>
<section anchor="delegation_processing" numbered="true" toc="default">
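Review bot: In the added lines, "possible conversions such as defined in <xref target="vpn_processing" /> MUST be performed" attaches a MUST to an open-ended set. "such as" does not say which conversions are required, and the removed text was more precise about the trigger (a VPN record found while the client requests an A or AAAA record). Suggest naming the required conversions exhaustively, for example "the conversions defined in <xref target="vpn_processing" /> MUST be performed", and keeping the condition under which they apply. "the client preferences for the record type MUST be considered" is also not testable; state what the resolver returns when the requested type is absent.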
@@ -1586,7 +1582,7 @@ example.com = zk2
relative expiration time of one hour.
</t>
<t>
- GNS resolvers SHOULD offer a configuration
+ GNS resolvers MUST offer a configuration
option to disable DNS processing to avoid information leakage
and provide a consistent security profile for all name resolutions.
Such resolvers would return an empty record set upon encountering
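Review bot: The option is now a MUST, but the behaviour behind it is still described in the context line "Such resolvers would return an empty record set", and "would" is not a requirement keyword. If the option is mandatory so that users can rely on it to avoid information leakage, the disabled behaviour should be normative too, e.g. "MUST return an empty record set". The paragraph also does not state the default for the option; say whether DNS processing is on or off when the option is not set.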
@@ -1710,7 +1706,7 @@ NICK: john (Supplemental)
resolution MUST fail with an empty result set.
</t>
<t>
- In order to revoke a zone key, a signed revocation object SHOULD be
+ In order to revoke a zone key, a signed revocation object MUST be
published.
This object MUST be signed using the private zone key.
The revocation object is flooded in the overlay network. To prevent
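Review bot: The changed sentence "a signed revocation object MUST be published" has no subject, so it is unclear who the MUST binds (the zone owner, the implementation, or both). It also overlaps with the next line, "This object MUST be signed using the private zone key", which repeats "signed". Suggest merging them into one requirement with an explicit actor, along the lines of "the zone owner MUST publish a revocation object signed using the private zone key".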