Re: [dnsext] Authenticated denial of existence...

Matthijs Mekking <matthijs@nlnetlabs.nl> Thu, 28 November 2013 10:14 UTC

Hi,

FYI, Miek and I posted a new version of this document, whose diff is very
small compared to -04.

Best regards,
  Matthijs


Changelog:
   1.  Minor fixes and adjustments.

URL:

http://www.ietf.org/internet-drafts/draft-gieben-auth-denial-of-existence-dns-05.txt

Diff:

http://www.ietf.org/rfcdiff?url2=draft-gieben-auth-denial-of-existence-dns-05

Abstract:
   Authenticated denial of existence allows a resolver to validate that
   a certain domain name does not exist.  It is also used to signal that
   a domain name exists, but does not have the specific RR type you were
   asking for.  When returning a negative DNSSEC response, a name server
   usually includes up to two NSEC records.  With NSEC3 this amount is
   three.

   This document provides additional background commentary and some
   context for the NSEC and NSEC3 mechanisms used by DNSSEC to provide
   authenticated denial of existence responses.
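
The abstract's "up to two NSEC records" can be seen in the following added example, which is not part of the original message or of the draft: for an NXDOMAIN answer one NSEC covers the query name and one covers the wildcard at the closest encloser, and a single NSEC can do both. The zone contents and all function names are constructed for illustration; it assumes plain NSEC (no NSEC3), no delegations, and a query name below the apex.

```python
# Added example. ZONE is a constructed NSEC-signed zone (no NSEC3, no delegations);
# all function names are hypothetical and qname is assumed to lie below the apex.
ZONE = ["example.org.", "a.example.org.", "d.example.org.", "x.y.example.org."]

def canon_key(name):
    """RFC 4034 section 6.1 canonical order: labels right to left, lowercased."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return tuple(l.lower().encode("ascii") for l in reversed(labels))

def nsec_chain(owners):
    """(owner, next) pairs in canonical order; the last NSEC points back to the apex."""
    ordered = sorted(owners, key=canon_key)
    return [(o, ordered[(i + 1) % len(ordered)]) for i, o in enumerate(ordered)]

def covers(nsec, name):
    """True if name sorts strictly between the NSEC owner and its next name."""
    owner, nxt, k = canon_key(nsec[0]), canon_key(nsec[1]), canon_key(name)
    if owner < nxt:
        return owner < k < nxt
    return k > owner  # last NSEC in the chain wraps around to the apex

def exists(name, owners):
    """A name exists if it owns records or is an empty non-terminal above one."""
    k = canon_key(name)
    return any(canon_key(o)[:len(k)] == k for o in owners)

def closest_encloser(qname, owners):
    """Longest existing ancestor of qname."""
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if exists(candidate, owners):
            return candidate
    raise ValueError("qname is outside the zone")

def nxdomain_proof(qname, owners=ZONE):
    """NSEC records that deny qname: one covering qname, one covering the wildcard."""
    wildcard = "*." + closest_encloser(qname, owners)
    if exists(qname, owners) or exists(wildcard, owners):
        raise ValueError("name or wildcard exists; NXDOMAIN does not apply")
    proof = []
    for target in (qname, wildcard):
        nsec = next(n for n in nsec_chain(owners) if covers(n, target))
        if nsec not in proof:  # one NSEC may cover both names
            proof.append(nsec)
    return proof

if __name__ == "__main__":
    for q in ("b.example.org.", "0.example.org.", "z.y.example.org."):
        print(q, nxdomain_proof(q))
```

A validator performs the same two coverage checks on the NSEC records it receives, after verifying their signatures.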