On Sat, 20 Feb 2010, Alex Bligh wrote:
There are two meachanisms to provide authenticated proof of
exsitance/non-existance in DNSSEC.
I don't believe either provides proof of existence (apart from
existence of the NSECx record).
If you can proof one, you can also proof the other :)
I think they both only provide
proof of non-existence (and in the case of NSEC3 opt out, not
even that).
That I agree with. NSEC3 plus OPT-OUT does not give a full
authenticated proof of non-existance.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
