Re: [DNSOP] What is the purpose of NSEC3 "closest encloser" proofs?

Shumon Huque <> Fri, 09 October 2020 03:13 UTC

From: Shumon Huque <>
Date: Thu, 08 Oct 2020 23:13:34 -0400
Message-ID: <>
To: Nick Johnson <>
Cc: dnsop WG <>

On Thu, Oct 8, 2020 at 10:38 PM Nick Johnson <> wrote:

>> Let's use your example and say 'a.b.c.example' doesn't exist in the zone
>> example.
>> Let's also say the longest ancestor of this name that actually does exist
>> in the zone is 'c.example' (which could be an empty non-terminal or not --
>> either way, it will have an NSEC3 record matching the hash of the name).
>> The NXDOMAIN proof consists of:
>> ### Closest Encloser proof:
>> * the NSEC3 RR that matches the closest encloser name 'c.example'
>> * the NSEC3 RR that covers the next closer name 'b.c.example'
> Right; what I don't follow is why the second of those two proofs isn't
> sufficient. Doesn't that alone prove that a.b.c.example doesn't exist?

It does. But the first NSEC3 is required for two reasons: the NSEC3
negative proof is defined in terms of finding the longest ancestor of the
qname that does not exist, and also because we need to prove that the
wildcard synthesis was not possible. Both those things require us to
compute the closest encloser first.
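An added illustration, not part of the thread: a small Python model of the NXDOMAIN proof described above. It hashes names as RFC 5155 specifies (SHA-1 over the wire-format name plus salt, iterated, base32hex), builds a toy NSEC3 chain for a constructed zone, and then walks the ancestors of the query name to find the closest encloser before checking that the next closer name and the wildcard at the closest encloser are both covered. The zone contents are constructed; the salt and iteration count are those of RFC 5155 Appendix A. Signatures, NSEC3 flags and opt-out are not modelled.

```python
import base64
import hashlib
from typing import List, Optional, Tuple

# Constructed toy zone "example.": these owner names exist; no wildcard is present.
ZONE_NAMES = ["example.", "c.example.", "www.example."]
SALT = bytes.fromhex("aabbccdd")  # salt and iterations as in RFC 5155 Appendix A
ITERATIONS = 12
Chain = List[Tuple[str, str]]  # (owner hash, next hashed owner) per NSEC3 record

def labels(name: str) -> List[str]:
    return [l for l in name.lower().rstrip(".").split(".") if l]

def nsec3_hash(name: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> str:
    """RFC 5155 s.5: SHA-1 over wire-format name + salt, re-hashed `iterations` times, base32hex."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels(name)) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    std = base64.b32encode(digest).decode("ascii")  # 20 bytes -> 32 chars, no padding
    return std.translate(str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                                       "0123456789ABCDEFGHIJKLMNOPQRSTUV"))

def build_chain(names: List[str]) -> Chain:
    """Model the zone's NSEC3 chain: sorted hashed owners, each linked to the next, last wraps."""
    hashes = sorted(nsec3_hash(n) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]

def matches(chain: Chain, h: str) -> bool:
    return any(owner == h for owner, _ in chain)

def covers(chain: Chain, h: str) -> bool:
    """True if an NSEC3 proves no name hashes to h (h lies strictly between owner and next)."""
    for owner, nxt in chain:
        if owner < nxt:
            if owner < h < nxt:
                return True
        elif h > owner or h < nxt:  # wrap-around record at the end of the chain
            return True
    return False

def prove_nxdomain(chain: Chain, qname: str, apex: str) -> Optional[Tuple[str, str]]:
    """Return (closest encloser, next closer) if the chain denies qname, else None."""
    q = labels(qname)
    if matches(chain, nsec3_hash(qname)):
        return None  # the queried name itself exists
    # Walk up the ancestors of qname (staying inside the zone) to the first one that matches.
    for i in range(1, len(q) - len(labels(apex)) + 1):
        ancestor = ".".join(q[i:]) + "."
        if matches(chain, nsec3_hash(ancestor)):
            next_closer = ".".join(q[i - 1:]) + "."
            # Both the next closer name and "*.<closest encloser>" must be covered.
            if covers(chain, nsec3_hash(next_closer)) and covers(chain, nsec3_hash("*." + ancestor)):
                return ancestor, next_closer
            return None
    return None
```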