LSD0001 review

From: Maxime Devos
Subject: LSD0001 review
Date: Mon, 07 Feb 2022 12:37:56 +0100
User-agent: Evolution 3.38.3-1


> Name
>     A name in GNS is a domain name as defined in [RFC8499] as an
> ordered list of labels. The labels in a name are separated using the
> character "." (dot). Names, like labels, are encoded in UTF-8.

Does that mean, no punycode, unlike DNS?  Does GNUnet's GNS<->DNS code
handle punycode conversion?

> GNS TLDs are typically part of the configuration of the local
> resolver (see Section 7.1), and may thus not be globally unique

This reads to me as ‘it is forbidden for them to be unique’,
whereas I assume it was meant ‘and thus are not necessarily
globally unique’ -- if I name a TLD, say, maximed-943438-foobar, then
it's probably globally unique.

It's clear from context though, and this sentence can be read
in the latter way as well.

>  In order to further increase tolerance for failures in character
>  recognition, the letter "U" MUST be decoded to the same Base32 value
>  as the letter "V".

Does this mean that, if I point a browser at a zTLD with a 'U',
then the browser should change it to a 'V' (if the browser has GNS
integration)?  How does this interact with the domain name in TLS and
HTTP?  If the server expects a certain (subdomain of a) zTLD, does it
need to recognise equivalent encodings?

Likewise for 1IiLl, Aa, Bb, ...

>     denotes the absolute 64-bit date when the revocation was
>  computed. In microseconds since midnight (0 hour), January 1, 1970
> in network byte order

Do leap seconds count? What timezone is this?

>    The name to continue with in DNS. The value is UTF-8 encoded and
>
>    The DNS server to use. May be an IPv4 address in dotted-decimal
> form or an IPv6 address in colon-hexadecimal form or a DNS name.

How is using a DNS name for the DNS server supposed to work, how are
we supposed to resolve the name of the DNS server without a pre-
existing DNS server?  This seems rather cyclic.

Perhaps the ‘standard’ DNS root servers need to be contacted
(indirectly, via the ISP's DNS servers)?

If the peer doesn't have DNS set up, or it does have DNS set up
by redirecting it to GNS, what is supposed to happen?

Can I use localhost or loopback as IP address?
If I can use localhost or loopback here, how is that interpreted?
The peer that initiated the GNS query?  The peer that contacts the DHT
system?  The peer that created the GNS record?

> It
> may also be a relative GNS name ending with a "+" as the rightmost
> label. The implementation MUST check the string syntactically for an
> IP address in the respective notation before checking for a relative
> GNS name. If all three checks fail, the name MUST be treated as a DNS
> name. The value is UTF-8 encoded and 0-terminated.
>  NOTE: If an application uses DNS names obtained from GNS2DNS records
>  in a DNS request they must first be converted to a punycode
>  representation [RFC5890].

I'm not sure what this note means exactly.  Does this mean that DNS
NAME and DNS SERVER NAME must be in punycode?  Or do they not need
to be in punycode, instead the name in the record should be converted
into punycode before contacting the DNS server?

Are IPv6 addresses with surrounding [] or without?

>     A UTF-8 string (which is not 0-terminated) representing the
>  legacy hostname.

What happens if it contains \0, or ends with two dots, does that mean
the LEHO record is invalid and must be rejected?  If it is in punycode,
why say ‘A UTF-8 string’ instead of ‘an ASCII string’?

>    A UTF-8 string (which is not 0-terminated) representing the
> preferred label of the zone. This string MUST NOT include a "."
> character.

Can I have a nickname "SOME-ZTLD", "@", "foo<nul byte>bar", "foo;bar",
"foo@bar", "@", "an UTF-8 string not in canonical form",
"special<characters" or "" (zero-length string)?

>     A 32-bit signature purpose flag. For a RRBLOCK the value of this
> field MUST be 15. The value is encoded in network byte order. The
> value of this field corresponds to an entry in the GANA "GNUnet
> Signature Purpose" registry.

What should happen if unrecognised flags are encountered?

>  7.3.3. BOX
> When a BOX record is received, a GNS resolver must unbox it if the
> name to be resolved continues with "_SERVICE._PROTO". Otherwise, the
> BOX record is to be left untouched. This way, TLSA (and SRV) records
> do not require a separate network request, and TLSA records become
> inseparable from the corresponding address records.

What happens if I try to run a web server at
"http://_SERVICE._PROTO.domain.tld" (assuming there's an AAAA record
or something there) and the user points the browser
at "http://_SERVICE._PROTO.domain.tld"? Success, failure?


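The GNS2DNS questions above (IP literal vs. relative GNS name vs. DNS name, brackets around IPv6, and loopback addresses) can be made concrete with the check order the quoted text prescribes. The following is an added example, not the reviewer's or GNUnet's code: it classifies the "DNS server" field using Python's standard `ipaddress` module and reports whether an IP literal is a loopback address, so a resolver can decide how to treat it. Note that a bracketed IPv6 literal such as "[2001:db8::1]" is not accepted by `ipaddress.ip_address`, so under a literal reading of the spec it would fall through to the DNS-name branch, which is exactly the ambiguity the review points at.

```python
# Classify the server field of a GNS2DNS record in the order the spec text
# prescribes: IP address syntax first, then relative GNS name, else DNS name.
# Added example; field semantics beyond that order are assumptions.
import ipaddress


def classify_gns2dns_server(value: str) -> dict:
    """Return how a resolver should interpret the GNS2DNS 'DNS server' value.

    Result keys: 'kind' in {'ipv4', 'ipv6', 'gns', 'dns'} and, for IP
    literals, 'loopback' (bool) so callers can flag the case the review asks
    about (a loopback address is meaningless outside the publishing peer).
    """
    # Step 1: syntactic IP address check, in dotted-decimal or colon-hex form.
    try:
        addr = ipaddress.ip_address(value)
        return {
            "kind": "ipv4" if addr.version == 4 else "ipv6",
            "loopback": addr.is_loopback,
        }
    except ValueError:
        pass  # not an IP literal; '[::1]' also lands here because of the brackets

    # Step 2: relative GNS name, i.e. "+" is the rightmost label.
    labels = value.split(".")
    if labels and labels[-1] == "+":
        return {"kind": "gns"}

    # Step 3: everything else MUST be treated as a DNS name.
    return {"kind": "dns"}


def server_is_usable(value: str) -> bool:
    """Conservative policy: reject loopback IP literals, accept everything else.

    This policy is an assumption of the example, not something the spec states.
    """
    info = classify_gns2dns_server(value)
    return not info.get("loopback", False)


if __name__ == "__main__":
    # Constructed sample values covering each branch of the check order.
    for sample in ("192.0.2.53", "2001:db8::53", "[2001:db8::53]",
                   "ns.+", "ns.example.com", "127.0.0.1", "::1"):
        print(f"{sample:18} -> {classify_gns2dns_server(sample)}")
```

The order matters: checking for a relative GNS name before the IP syntax check would be harmless for these inputs, but a DNS name that happens to look like an IPv6 literal, or vice versa, is only resolved unambiguously by doing the IP check first as the text requires.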