Return-Path: X-Original-To: dnsop@ietfa.amsl.com Delivered-To: dnsop@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D44128824 for ; Tue, 7 Mar 2017 07:30:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vly0pxJQjmOm for ; Tue, 7 Mar 2017 07:30:58 -0800 (PST) Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE41C128B44 for ; Tue, 7 Mar 2017 07:29:52 -0800 (PST) Received: by mail-it0-x22c.google.com with SMTP id m27so15231029iti.0 for ; Tue, 07 Mar 2017 07:29:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=qVIhwMJb/r3l2YFZmSzqKp7dF2yNGbZc1Y5InMODolY=; b=QrfcdyjaSh3Wm1zU38dDrgLhuTXAvTrJbWxyPyPWZvuIh/1hipswmHPYHdMsr6tUUV O1wFmcjq+6tn1XluU9MGpregczn5xJTamMa2LWSHKgLzVVO9gmcbrQPk5yye0MIUvvYv /x6bNhvV0kzPqFKHnneVx9wFdkGSTxidiijr9cGeavERo9IPjPE/xseD8vhD3jwhr4YA BHdBENr6PEw7rCPrtbfAa1WMvs4FenREJrv6R8qh13f18V+0qKOFbRc6tifFllT4qIlg FsP9cXsFB2A5fq6/j2tUyDkvvLhJMjppTf+gzGrJsMjAV9Zk1nI+xonNG+yGrc6BnyGv SC6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=qVIhwMJb/r3l2YFZmSzqKp7dF2yNGbZc1Y5InMODolY=; b=KNARlP6rA9IYgYc3hC+xQfQSvBtWrTF7d084dAolKm9ZJToq8Kp1KdEWrxAZRDXV7T qkFJT4xJr5XWN+Faovcva9nMe1vthP5t7LSOMIlOb21bcgSDF1VOxxTm4AwnEpdC1csE 1HG40VTXabtnMKKIzysLNkPelCWmDc2nKbrHm7Cw6rjlHqIRi+Dox0K5aA8yvIvtQ+57 uyCUu/j6NULsDb2tuHiHrwI6z3tgoRp5RHDDb7dJukm1JyQH7ERCd6llQzlUidw3+D+a +Ke0ugShx1Yz7m0/PvwT3lSNIcbdWJaHUcUrhc5RBH58l3POjDSP3DWPPvsYkXd0rtjB ZkCw== X-Gm-Message-State: AMke39noPWbfwJKUEBIfzZHR2WzJw+rxf/ADTHcPNIi14DBOIUa7aK5TntaG5CB9nCZmGEpr/7xrtN5TDxVKTA== X-Received: by 10.13.204.88 with SMTP id o85mr313961ywd.347.1488900591650; Tue, 07 Mar 2017 07:29:51 -0800 (PST) MIME-Version: 1.0 Received: by 10.129.50.205 with HTTP; Tue, 7 Mar 2017 07:29:51 -0800 (PST) From: Shumon Huque Date: Tue, 7 Mar 2017 10:29:51 -0500 Message-ID: To: "dnsop@ietf.org WG" Content-Type: multipart/alternative; boundary=001a11482484df20b2054a25ae71 Archived-At: Subject: [DNSOP] Updated NSEC5 protocol spec and paper X-BeenThere: dnsop@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: IETF DNSOP WG mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2017 15:31:00 -0000 --001a11482484df20b2054a25ae71 Content-Type: text/plain; charset=UTF-8 Hi folks, We've requested an agenda slot at the DNSOP working group meeting at IETF98 to talk about the NSEC5 protocol. Our chairs have requested that we send out a note to the group ahead of time, so here it is. This protocol has not to our knowledge been presented at dnsop before, but has been discussed previously at other IETF venues, such as SAAG. Sharon Goldberg has recently presented NSEC5 to good reception at the following venues: 1) Real World Crypto conference, New York (Jan 2017) 2) IETF Boston Hub Meetup (Feb 2017) 3) DNS Privacy Workshop at NDSS'17 (Feb 2017) The latest NSEC5 protocol now supports elliptic curve cryptography, and uses verifiable random functions. The protocol has been implemented, and we have good performance results to share. There is a research paper, with many more details: https://eprint.iacr.org/2017/099.pdf The current draft for the NSEC5 spec is here: https://tools.ietf.org/html/draft-vcelak-nsec5-04 Some IETF security folk have recommended that we split out the VRF construction (currently described in the draft's appendix) into a separate draft, as it may be useful to other IETF protocols. We think that's a good idea and are working on it - we hope to have updated drafts before the IETF98 draft cutoff deadline. Hope to chat in person at IETF, and/or on the list. Shumon, Sharon, Dimitris, Jan, and Dave. --001a11482484df20b2054a25ae71 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi folks,

We've requeste= d an agenda slot at the DNSOP working group meeting at
IETF98 to = talk about the NSEC5 protocol. Our chairs have requested that=C2=A0
we send out a note to the group ahead of time, so here it is.
=
This protocol has not to our knowledge been presented at dns= op before,
but has been discussed previously at other IETF venues= , such as SAAG.

Sharon Goldberg has recently prese= nted NSEC5 to good reception at
the following venues:
<= br>
1) Real World Crypto conference, New York (Jan 2017)
2) IETF Boston Hub Meetup (Feb 2017)
3) DNS Privacy Workshop at= NDSS'17 (Feb 2017)

The latest NSEC5 protocol = now supports elliptic curve cryptography,
and uses verifiable ran= dom functions. The protocol has been implemented,
and we have goo= d performance results to share.

There is a researc= h paper, with many more details:


The current draft for the NSEC5 spec i= s here:


Some IETF security folk have recommen= ded that we split out the VRF
construction (currently described i= n the draft's appendix) into a
separate draft, as it may be u= seful to other IETF protocols. We think
that's a good idea an= d are working on it - we hope to have updated
drafts before the I= ETF98 draft cutoff deadline.

Hope to chat in perso= n at IETF, and/or on the list.

Shumon, Sharon, Dim= itris, Jan, and Dave.

--001a11482484df20b2054a25ae71--