On Wed, 11 Mar 2015, Nicholas Weaver wrote:
> Why not just do something simpler? The only thing NSEC5 really differs in a
> way that counts is not in the NSEC record but really just the DNSKEY handling,
> having a separate key used for signing the NSEC* records.
>
> So why define NSEC5 at all?
>
> Instead, just specify a separate flag for the DNSKEY record, "NSEC-only", sign
> the NSEC3 dynamically, bada bing, bada boom, done!
>
> For old resolvers, they just ignore the flag and treat it like any other DNSKEY
> record, and since the valid names are signed with the other key, while the
> NSEC* are signed with this key, it works just fine.
>
> For upgraded resolvers, they follow the convention and only will accept RRSIGs
> for NSEC/NSEC3 with that DNSKEY record.
>
> And then on the authority side, you just dynamically generate and sign the
> NSEC3 record that says H(name)-1 to H(name)+1 has no valid record and sign that
> with the NSEC-only key.
>
> This way, you gain the protection against enumeration and the limited damage on
> key compromise property when validated by upgraded resolvers, and you still get
> the protection against enumeration when the resolver isn't upgraded, and you
> don't need to upgrade the resolver in order for this to be deployed.
I agree. Guess we would find out how much of a DDoS this dynamic signing
will be though :P
Paul
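As an added illustration (not code from the thread or from any DNS implementation), the following Python simulation models the scheme Weaver sketches: an online key carrying a hypothetical "NSEC-only" DNSKEY flag signs a dynamically generated NSEC3 covering H(qname)-1 to H(qname)+1, a legacy validator accepts any zone key, and an upgraded validator accepts NSEC/NSEC3 only from that key and, as the limited-damage-on-compromise property implies, refuses that key for anything else. The flag bit value, the key names and the HMAC stand-in for real RRSIG signatures are all assumptions.

```python
import hashlib
import hmac

ZONE_KEY = 0x0100   # real DNSKEY "Zone Key" flag bit
NSEC_ONLY = 0x0080  # hypothetical "NSEC-only" flag; placeholder bit, not a registered value

# Constructed sample keys: the offline zone key and the online NSEC-only key.
# An HMAC over the record stands in for the public-key RRSIG of a real zone.
KEYS = {
    "zsk":  {"flags": ZONE_KEY,             "secret": b"constructed-zsk-secret"},
    "nsec": {"flags": ZONE_KEY | NSEC_ONLY, "secret": b"constructed-nsec-only-secret"},
}


def h(name: str) -> int:
    """Stand-in for the NSEC3 owner-name hash; an int makes H(name)-1 / H(name)+1 easy."""
    return int.from_bytes(hashlib.sha1(name.lower().encode()).digest(), "big")


def _msg(rrtype: str, owner, rdata) -> bytes:
    return f"{rrtype}|{owner}|{rdata}".encode()


def sign(rrtype: str, owner, rdata, keyname: str) -> dict:
    """Return an RRSIG-like record over (rrtype, owner, rdata) made with the named key."""
    tag = hmac.new(KEYS[keyname]["secret"], _msg(rrtype, owner, rdata), "sha256").hexdigest()
    return {"type": rrtype, "owner": owner, "rdata": rdata, "key": keyname, "sig": tag}


def deny_dynamically(qname: str) -> dict:
    """Authority side: an NSEC3 asserting (H(qname)-1, H(qname)+1) is empty, NSEC-only signed."""
    hv = h(qname)
    return sign("NSEC3", hv - 1, hv + 1, "nsec")


def covers(nsec3: dict, qname: str) -> bool:
    """Does the NSEC3 interval actually cover the hash of the denied name?"""
    return nsec3["owner"] < h(qname) < nsec3["rdata"]


def validate(rr: dict, upgraded: bool) -> bool:
    """Legacy validator: any zone key. Upgraded: NSEC* <-> NSEC-only key, nothing else."""
    key = KEYS[rr["key"]]
    expected = hmac.new(key["secret"], _msg(rr["type"], rr["owner"], rr["rdata"]), "sha256")
    if not hmac.compare_digest(expected.hexdigest(), rr["sig"]):
        return False
    if not upgraded:
        return True  # old resolver ignores the flag and treats it like any DNSKEY
    is_nsec_only_key = bool(key["flags"] & NSEC_ONLY)
    is_denial = rr["type"] in ("NSEC", "NSEC3")
    return is_nsec_only_key == is_denial
```

The `validate(..., upgraded=False)` path shows why the scheme deploys without resolver changes, while the upgraded path shows that a compromised online key cannot forge a positive answer for anyone who checks the flag.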
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop