[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lsd0001] branch master updated: define and use apex label
|
From: |
gnunet |
|
Subject: |
[lsd0001] branch master updated: define and use apex label |
|
Date: |
Sun, 06 Feb 2022 08:22:02 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 5edbe6d define and use apex label
5edbe6d is described below
commit 5edbe6deb159592546dabb3d039d6a4c7314be2d
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Feb 6 08:21:55 2022 +0100
define and use apex label
---
draft-schanzen-gns.xml | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 5094f79..f8cb2fe 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -193,12 +193,15 @@
Within this document, labels are always assumed to be strings of
UTF-8 characters <xref target="RFC8499"/> with a maximum length of
63 bytes. Labels MUST be canonicalized using
- Normalization Form C (NFC) <xref target="Unicode-UAX15"/>.
- The empty label is represented using the character "@" (without
+ Normalization Form C (NFC) <xref target="Unicode-UAX15"/>.
+ </dd>
+ <dt>Apex Label</t>
+ <dd>
+ The apex label is represented using the character "@" (without
quotes).
- The empty label is used to publish resource
+ The apex label is used to publish resource
records in a zone that can be resolved without providing a specific
- label. It is the GNS method provide what is the "zone apex" in DNS
+ name. It is the GNS method to provide what is the "zone apex" in DNS
<xref target="RFC4033"/>.
</dd>
<dt>Name</dt>
@@ -222,7 +225,7 @@
<dd>
A GNS zone contains authoritative information (resource records).
A zone is uniquely identified by its zone key. Unlike DNS zones,
- a GNS zone does not need to have a SOA record under the empty label.
+ a GNS zone does not need to have a SOA record under the apex label.
</dd>
<dt>Zone Type</dt>
<dd>
@@ -908,7 +911,7 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62]
determined to be cryptographically insecure, or if an application has
reasons to not support delegation to DNS for reasons such as complexity
or security. Zone delegation records MUST NOT be stored and published
- under the empty label.
+ under the apex label.
A zone delegation record type value is the same as the respective ztype
value.
The ztype defines the cryptographic primitives for the zone that is
@@ -1486,7 +1489,7 @@ S-Decrypt(zk,label,expiration,ciphertext):
This is a suggestion to other zones what label to use when creating a
delegation record (<xref target="gnsrecords_delegation" />) containing
this zone key.
- This record SHOULD only be stored under the empty label "@" but MAY be
+ This record SHOULD only be stored under the apex label "@" but MAY be
returned with record sets under any label as a supplemental record.
<xref target="nick_processing"/> details how a resolver must process
supplemental and non-supplemental NICK records.
@@ -1939,7 +1942,7 @@ example.com = zk2
In each step of the recursive name resolution, there is an
authoritative zone zk and a name to resolve. The name may be empty.
Initially, the authoritative zone is the start zone. If the name
- is empty, it is interpreted as the empty label "@".
+ is empty, it is interpreted as the apex label "@".
</t>
<t>
From here, the following steps are recursively executed, in order:
@@ -2097,7 +2100,7 @@ example.com = zk2
and provide a consistent security profile for all name
resolutions.
Such resolvers would return an empty record set upon encountering
a GNS2DNS record during the recursion. However, if GNS2DNS records
- are encountered in the record set for the empty label and a
GNS2DNS record
+ are encountered in the record set for the apex label and a
GNS2DNS record
is explicitly requested by the application, such records MUST
still be returned, even if DNS support is disabled by the
GNS resolver configuration.
@@ -2126,7 +2129,7 @@ example.com = zk2
delegations under a single label.
Implementations MAY support any subset of ztypes.
Handling of
- Implementations MUST NOT process zone delegation for the empty
+ Implementations MUST NOT process zone delegation for the apex
label "@". Upon encountering a zone delegation record under
this label, resolution fails and an error MUST be returned. The
implementation MAY choose not to return the reason for the
failure,
@@ -2136,7 +2139,7 @@ example.com = zk2
If the remainder of the name to resolve is empty and we have
received a record set containing only a single delegation record,
the
recursion is continued with the record value as authoritative zone
- and the empty label "@" as remaining name.
+ and the apex label "@" as remaining name.
Except in the case where the desired record type as specified by
the client is equal to the ztype, in which case the delegation
record is returned.
@@ -2170,7 +2173,7 @@ NICK: eve (non-Supplemental)
<t>
In this example, the returned NICK record is non-supplemental.
For the client, this means that the NICK belongs to the zone
- "alice.example" and is published under the empty label along with an
A
+ "alice.example" and is published under the apex label along with an A
record. The NICK record should be interpreted as: The zone defined by
"alice.example" wants to be referred to as "eve".
In contrast, consider the following:
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lsd0001] branch master updated: define and use apex label,
gnunet <=