JFTR I don't think the target audience is TLDs, but I have heard a several times speaking to me that they won't implement DNSSEC because of enumeration (citing djb's paper on NSEC3 offline enumeration). Those folks are the target audience for the cryptographically proven anti-enumeration solution.
Cheers, Ondrej -- Ondřej Surý -- Chief Science Officer -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:[email protected] https://nic.cz/ -------------------------------------------- ----- Original Message ----- > From: "Florian Weimer" <[email protected]> > To: "Jan Včelák" <[email protected]> > Cc: [email protected], "Nicholas Weaver" <[email protected]> > Sent: Thursday, March 12, 2015 12:39:17 PM > Subject: Re: [DNSOP] Comments regarding the NSEC5 > On 03/12/2015 11:36 AM, Jan Včelák wrote: > >>> And does anyone actually use opt out with NSEC3? >> >> Yes, .com for example. My impression was that Opt-Out was the selling point >> of >> NSEC3, not the domain name hashing. > > Okay. Are they interested in switching to NSEC5? > > -- > Florian Weimer / Red Hat Product Security > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
