Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

Olaf Kolkman <olaf@NLnetLabs.nl> Fri, 22 January 2010 12:54 UTC

On Jan 22, 2010, at 1:09 PM, Mark Andrews wrote:

> 
> Additionally, NSEC3 provides no real benefit in highly structured zones
> like IP6.ARPA.  It is relatively easy to enumerate an IP6.ARPA zone even
> if it is using NSEC3 by making use of the zone's structure.



ACK, good point. Maybe we need to be a little more descriptive about the methodology by which the structure can be explored.


--Olaf
________________________________________________________ 

Olaf M. Kolkman                        NLnet Labs
                                       Science Park 140, 
http://www.nlnetlabs.nl/               1098 XG Amsterdam