[DNSOP] Empty Non-Terminal sentinel for Black Lies
Shumon Huque <shuque@gmail.com> Tue, 27 July 2021 23:35 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B3183A1002 for <dnsop@ietfa.amsl.com>; Tue, 27 Jul 2021 16:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pblpuxOnrisG for <dnsop@ietfa.amsl.com>; Tue, 27 Jul 2021 16:35:13 -0700 (PDT)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D16CE3A0FFD for <dnsop@ietf.org>; Tue, 27 Jul 2021 16:35:12 -0700 (PDT)
Received: by mail-ej1-x636.google.com with SMTP id gn26so1509368ejc.3 for <dnsop@ietf.org>; Tue, 27 Jul 2021 16:35:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Cwl3o6Oj3eJbx2Reg4KPDxfUTnr0pGUUKpf82pBe+jw=; b=CAEZtfAUPqYCC4bhsJUpIKGk7FRcb4X5j7PlIi9qzW/i0A29f7pe2pyED0DcUCOJ2/ ewUCUjpMCTcc8EsurNUW1zS7fybYr8Zw/dYQPhBSUyh8m5FvdgEMqiYH+0EvkUQx6VbJ j4kIZfzpZUv66JPBocmdjC/DZgA9vHht4YEskpFE7qLAVQfYg9YFnsOGUoGvQhTPRQ/G 5UmYN+XiHK1FHXCIr8Ef/t8Lu1GgwgfGumdNIUsxFjo111FOo+70uZEBVTJraQLqFbYR TJ8Ln6GUgfqUkhVaTUXqEcqNEGF/5dpuRsHVtOypZgoSSvlJ9MqTx83Mr8iMEvKT8HWs TVRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Cwl3o6Oj3eJbx2Reg4KPDxfUTnr0pGUUKpf82pBe+jw=; b=GhrNN7QxhafOaHZfMxvD6W2dJZwQ6CUPAW/19/gllH1RoZDDk1m+9ROjFiMddrUxGy WyaY2ADzBlzzYqp6xa8/jqmG5ee4Vsf7Xv7gBorkCN0aZh2UN5N0XVDq8kwVs58k5eek tJK4Kbie7AsNeBW5laO7o8e6l3T/6bkuhAYaWZR5aidDpFTUMDjK4ABUCuElxQ9S2s2B Cm+OlxC+BwikvLguOoqANKnSwdFLRUpVOh6Q1JXprIe/N3H0lfFvQ0dWJoFy4NBQPbHX RU1/I4KxwfbZJnbSjtTun/hK2/LsMZLwQAL4P4En8PtysKaI0Bh9+xn6rHNCWJM4WtE1 rqpQ==
X-Gm-Message-State: AOAM532C1Z4vmVnqTS+A56AkYPSS0zIe8M1AoDNM8Ed94Drb0JBmsNgX pXpb0EHKs5uTJFNdm3Je2VVjNS1eWyXAPJShneWAvtM3uCE+bg==
X-Google-Smtp-Source: ABdhPJx0XASPPOruMwdH2chIbkEsOMqDwohvLoWVnmu2/NjRL14ZBVEi+9oKueTkxR+2NwA11sbw0kngXkovDGAloNg=
X-Received: by 2002:a17:906:4f97:: with SMTP id o23mr17871880eju.418.1627428909804; Tue, 27 Jul 2021 16:35:09 -0700 (PDT)
MIME-Version: 1.0
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 27 Jul 2021 19:34:59 -0400
Message-ID: <CAHPuVdV6s1wM6Qc3uAhRQurVg2mMocRCTPmpVHHkBHW9FWV5Cg@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000010f16205c823520b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jf1TwKoqjXb2C4Mvr_UIWhfr29U>
Subject: [DNSOP] Empty Non-Terminal sentinel for Black Lies
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 23:35:17 -0000
Folks, While we have the attention of DNSOP folks this week, I'd like to ask for review of this draft (I meant to send it earlier in time for f2f discussion on Tuesday, but better late than never). https://datatracker.ietf.org/doc/html/draft-huque-dnsop-blacklies-ent-01 Excerpt: Empty Non-Terminal Sentinel for Black Lies Abstract The Black Lies method of providing compact DNSSEC denial of existence proofs has some operational implications. Depending on the specific implementation, it may provide no way to reliably distinguish Empty Non-Terminal names from names that actually do not exist. This draft describes the use of a synthetic DNS resource record type to act as an explicit signal for Empty Non-Terminal names and which is conveyed in an NSEC type bitmap. [...] Thanks! Shumon.
- [DNSOP] Empty Non-Terminal sentinel for Black Lies Shumon Huque
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Brian Dickson
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Shumon Huque
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Ralf Weber
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Shumon Huque
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Hollenbeck, Scott
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Shumon Huque
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Peter van Dijk
- Re: [DNSOP] Empty Non-Terminal sentinel for Black… Shumon Huque