Compact Denial of Existence in DNSSEC
draft-huque-dnsop-compact-lies-01
| Document | Type |
Replaced Internet-Draft
(dnsop WG)
Expired & archived
|
|
|---|---|---|---|
| Authors | Shumon Huque , Christian Elmerot | ||
| Last updated | 2023-04-27 (Latest revision 2023-03-03) | ||
| Replaced by | draft-ietf-dnsop-compact-denial-of-existence | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Adopted by a WG | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-dnsop-compact-denial-of-existence | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document describes a technique to generate a signed DNS response on demand for a non-existent name by claiming that the name exists but doesn't have any data for the queried record type. Such answers require only one minimal NSEC record, allow online signing servers to minimize signing operations and response sizes, and prevent zone content disclosure.
Authors
Shumon Huque
Christian Elmerot
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)