[dnsext] NSEC4
Miek Gieben <miek@miek.nl> Wed, 04 January 2012 09:29 UTC
Return-Path: <miekg@atoom.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED08C21F864D for <dnsext@ietfa.amsl.com>; Wed, 4 Jan 2012 01:29:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5 tests=[AWL=0.302, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X49Ey9YwAn6A for <dnsext@ietfa.amsl.com>; Wed, 4 Jan 2012 01:29:47 -0800 (PST)
Received: from elektron.atoom.net (cl-201.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:c8::2]) by ietfa.amsl.com (Postfix) with ESMTP id 69C9F21F8600 for <dnsext@ietf.org>; Wed, 4 Jan 2012 01:29:47 -0800 (PST)
Received: by elektron.atoom.net (Postfix, from userid 1000) id 9060B3FFFB; Wed, 4 Jan 2012 10:29:46 +0100 (CET)
Date: Wed, 04 Jan 2012 10:29:46 +0100
From: Miek Gieben <miek@miek.nl>
To: dnsext list <dnsext@ietf.org>
Message-ID: <20120104092946.GA4199@miek.nl>
Mail-Followup-To: dnsext list <dnsext@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J"
Content-Disposition: inline
User-Agent: Vim/Mutt/Linux
X-Home: http://www.miek.nl
Subject: [dnsext] NSEC4
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2012 09:29:48 -0000
Dear dnsext,
We have written down a little experiment that we have performed, called NSEC4.
The goal of the experiment was to optimize denial of existence records.
It is not our intention to standardize this, as we are aware of the backwards
compatibility issues this has with the current DNSSEC family RFCs, and we do
not want to discomfort the ongoing DNSSEC deployment.
However, we do want to document this to archive the insights we have gained
by doing this experiment. Therefor, we have submitted the following draft:
http://www.ietf.org/id/draft-gieben-nsec4-00.txt
This experiment resolves two things:
* Reduces the size of the denial of existence response;
* Adds Opt-Out to un-hashed names.
We would be grateful if you would like to read this.
Our question is what is the best place to archive this? Re-reading RFC 2026,
we are considering to put this on the experimental non-standards track.
Thoughts?
Best regards,
Miek Gieben,
Matthijs Mekking
- [dnsext] NSEC4 Miek Gieben
- Re: [dnsext] NSEC4 Roy Arends
- Re: [dnsext] NSEC4 Matthijs Mekking
- Re: [dnsext] NSEC4 Ben Laurie
- Re: [dnsext] NSEC4 Andrew Sullivan
- Re: [dnsext] NSEC4 Matthijs Mekking
- Re: [dnsext] NSEC4 Ben Laurie
- Re: [dnsext] NSEC4 Blacka, David
- Re: [dnsext] NSEC4 Miek Gieben
- Re: [dnsext] NSEC4 Alex Bligh
- Re: [dnsext] NSEC4 Miek Gieben