A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : NSEC5, DNSSEC Authenticated Denial of Existence
Authors : Jan Vcelak
Sharon Goldberg
Filename : draft-vcelak-nsec5-01.txt
Pages : 31
Date : 2015-09-21
Abstract:
The Domain Name System Security (DNSSEC) Extensions introduced the
NSEC resource record (RR) for authenticated denial of existence and
the NSEC3 for hashed authenticated denial of existence. The NSEC RR
allows for the entire zone contents to be enumerated if a server is
queried for carefully chosen domain names; N queries suffice to
enumerate a zone containing N names. The NSEC3 RR adds domain-name
hashing, which makes the zone enumeration harder, but not impossible.
This document introduces NSEC5, which provides an cryptographically-
proven mechanism that prevents zone enumeration. NSEC5 has the
additional advantage of not requiring private zone-signing keys to be
present on all authoritative servers for the zone.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-vcelak-nsec5/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-vcelak-nsec5-01
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-vcelak-nsec5-01
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
