Re: [DNSOP] Comments regarding the NSEC5
Jan Včelák <jan.vcelak@nic.cz> Mon, 16 March 2015 09:56 UTC
Return-Path: <jan.vcelak@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C851D1A86E6 for <dnsop@ietfa.amsl.com>; Mon, 16 Mar 2015 02:56:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.538
X-Spam-Level: *
X-Spam-Status: No, score=1.538 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_CZ=0.445, HOST_EQ_CZ=0.904, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CzB_5oElWIBh for <dnsop@ietfa.amsl.com>; Mon, 16 Mar 2015 02:56:17 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 238D71A86E0 for <dnsop@ietf.org>; Mon, 16 Mar 2015 02:56:16 -0700 (PDT)
Received: from pc-cznic4.localnet (unknown [IPv6:2001:67c:1220:80c:2a92:4aff:feca:f18d]) by mail.nic.cz (Postfix) with ESMTPSA id 1BE8613FF16; Mon, 16 Mar 2015 10:56:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1426499774; bh=KXi9Zn61kB+Yrb+wUScjD3BpDYTHnYY3YfnXZPUdo2I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Transfer-Encoding:Content-Type; b=FlMkBsVTtvOKs9ZoanvR+LS4fYkKxECa2JSrELn0Jsl1npaFl1ESizwuxOIBHG87S Gwf3O3/UVkj/rjqfdvjumccmCau67MkbhcLihG7OxvgNZEeNqgvJr9XdN3VDpbyaNy XkABxdX3lD7uKTVNFU74WfA+UC+Xrg4yEzrcUnEs=
From: Jan Včelák <jan.vcelak@nic.cz>
To: dnsop@ietf.org
Date: Mon, 16 Mar 2015 10:56:13 +0100
Message-ID: <16230113.HBcX0lRyl8@pc-cznic4>
Organization: CZ.NIC Labs
User-Agent: KMail/4.14.4 (Linux/4.0.0-0.rc2.git0.1.fc22.x86_64; KDE/4.14.6; x86_64; ; )
In-Reply-To: <55017AE5.3080103@redhat.com>
References: <55002098.5060709@redhat.com> <5418135.fhyjAyNSf0@pc-cznic4> <55017AE5.3080103@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Virus-Scanned: clamav-milter 0.98.6 at mail
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/GycKRSOeU5HNq6tvERZQk0c0b_4>
Cc: Florian Weimer <fweimer@redhat.com>, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [DNSOP] Comments regarding the NSEC5
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2015 09:56:19 -0000
On Thursday, March 12, 2015 12:39:17 PM Florian Weimer wrote: > On 03/12/2015 11:36 AM, Jan Včelák wrote: > >> And does anyone actually use opt out with NSEC3? > > > > Yes, .com for example. My impression was that Opt-Out was the selling > > point of NSEC3, not the domain name hashing. > > Okay. Are they interested in switching to NSEC5? I was trying to say that TLDs use NSEC3 because of Opt-Out. This seems to be true, based on the information Edward sent in the "Using NSEC3 for opt-out" thread. The target audience for NSEC5 are people, who care about the zone enumeration. They could be using Minimally Covering NSEC Records or NSEC3 White Lies at the moment. Both of these mechanisms already require on-line signing and private zone signing keys on all authoritative servers. NSEC5 just removes the necessity to have keys on the servers. Jan
- Re: [DNSOP] Comments regarding the NSEC5 Ondřej Surý
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Bob Harold
- Re: [DNSOP] Comments regarding the NSEC5 Paul Hoffman
- Re: [DNSOP] Comments regarding the NSEC5 Paul Vixie
- Re: [DNSOP] Comments regarding the NSEC5 Edward Lewis
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Paul Hoffman
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Matthäus Wander
- Re: [DNSOP] Comments regarding the NSEC5 Warren Kumari
- Re: [DNSOP] Comments regarding the NSEC5 Paul Hoffman
- Re: [DNSOP] Comments regarding the NSEC5 Nicholas Weaver
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Bob Harold
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Bob Harold
- Re: [DNSOP] Comments regarding the NSEC5 Paul Wouters
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- [DNSOP] Comments regarding the NSEC5 Florian Weimer
- Re: [DNSOP] Comments regarding the NSEC5 Florian Weimer
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Nicholas Weaver
- Re: [DNSOP] Comments regarding the NSEC5 Paul Hoffman
- Re: [DNSOP] Comments regarding the NSEC5 Paul Wouters
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Florian Weimer
- Re: [DNSOP] Comments regarding the NSEC5 Jan Včelák
- Re: [DNSOP] Comments regarding the NSEC5 Florian Weimer