Re: [DNSOP] Updated NSEC5 protocol spec and paper

Frederico A C Neves <fneves@registro.br> Fri, 10 March 2017 18:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Lmh8pTL6GknGTyFukBtvY6ifKTo>

On Fri, Mar 10, 2017 at 01:15:42PM -0500, Shumon Huque wrote:
...
> 
> Apparently there are many folks in the community who think so, otherwise
> NSEC3 would not have been developed. I personally don't care for any zones

I know others have already stated this but zone enumeration, at least
at that time, was never the real reason for NSEC3, size of signing
zones with mostly unsigned delegations was. This was only needed
because of the wg's lack of management and sensibility to operators'
needs leading to the historical debacle of opt-in. We changed the
name, and voila opt-out ;-)

Fred