[DNSOP] Empty Non-Terminal sentinel for Black Lies

Shumon Huque <shuque@gmail.com> Tue, 27 July 2021 23:35 UTC

From: Shumon Huque <shuque@gmail.com>
Date: Tue, 27 Jul 2021 19:34:59 -0400
Message-ID: <CAHPuVdV6s1wM6Qc3uAhRQurVg2mMocRCTPmpVHHkBHW9FWV5Cg@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jf1TwKoqjXb2C4Mvr_UIWhfr29U>
Subject: [DNSOP] Empty Non-Terminal sentinel for Black Lies

Folks,

While we have the attention of DNSOP folks this week, I'd like to ask for
review of this draft (I meant to send it earlier in time for f2f discussion
on Tuesday, but better late than never).

    https://datatracker.ietf.org/doc/html/draft-huque-dnsop-blacklies-ent-01

Excerpt:

               Empty Non-Terminal Sentinel for Black Lies

Abstract

   The Black Lies method of providing compact DNSSEC denial of existence
   proofs has some operational implications.  Depending on the specific
   implementation, it may provide no way to reliably distinguish Empty
   Non-Terminal names from names that actually do not exist.  This draft
   describes the use of a synthetic DNS resource record type to act as
   an explicit signal for Empty Non-Terminal names and which is conveyed
   in an NSEC type bitmap.

[...]

Thanks!
Shumon.
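
The distinction the abstract describes, as an added example that is not part of the original message or the draft: an RFC 4034 NSEC type bitmap encoder/decoder and a classifier for the NSEC record that matches the query name in a Black Lies style response. The sentinel type number used here is a placeholder from the private-use range, since the message does not give the draft's code point; the function names are hypothetical.

```python
import struct

RRSIG, NSEC = 46, 47
# Assumption: placeholder code point from the private-use range; the message
# does not state the draft's actual sentinel type number.
ENT_SENTINEL = 65280

def encode_bitmap(types):
    """Encode RR types as RFC 4034 section 4.1.2 window blocks."""
    windows = {}
    for t in types:
        win = windows.setdefault(t >> 8, bytearray(32))
        win[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
    out = b""
    for num in sorted(windows):
        bits = bytes(windows[num]).rstrip(b"\x00")
        out += struct.pack("!BB", num, len(bits)) + bits
    return out

def decode_bitmap(data):
    """Decode window blocks, rejecting malformed input."""
    types, pos, last = set(), 0, -1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window header")
        num, length = data[pos], data[pos + 1]
        pos += 2
        if num <= last or not 1 <= length <= 32 or pos + length > len(data):
            raise ValueError("malformed window block")
        for i, octet in enumerate(data[pos:pos + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add(num * 256 + i * 8 + bit)
        pos, last = pos + length, num
    return types

def classify(bitmap, qtype):
    """Interpret the NSEC matching the query name in a NOERROR/empty answer."""
    types = decode_bitmap(bitmap)
    if qtype in types:
        raise ValueError("bitmap asserts queried type exists")
    if ENT_SENTINEL in types:
        return "empty-non-terminal"
    if types <= {RRSIG, NSEC}:
        return "ambiguous: nonexistent name or unsignalled ENT"
    return "nodata"

if __name__ == "__main__":
    for extra in ([], [ENT_SENTINEL], [16]):  # constructed bitmaps
        print(classify(encode_bitmap([RRSIG, NSEC] + extra), 1))
```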