Hi folks,

We've posted a new draft describing the former "Black Lies" mechanism for authenticated denial, now renamed as "Compact Lies".

https://datatracker.ietf.org/doc/draft-huque-dnsop-compact-lies/

We are hoping to discuss it here and at IETF116, and see if there is interest in adopting the work and publishing it. We feel that it deserves a stable published specification since it is now one of the dominant forms of authenticated denial deployed amongst the commercial online signers today (notably Cloudflare, NS1, and Amazon Route53).

The draft includes the NXDOMAIN/Empty Non-Terminal distinguisher mechanism I described at IETF 111 (https://datatracker.ietf.org/meeting/111/materials/slides-111-dnsop-sessb-black-lies-ent-sentinel-01) and currently implemented by NS1. Christian and I are currently discussing some tweaks to that mechanism which we will broach in a separate email thread shortly. This thread can be used for general comments on the topic of the draft.

George Michaelson, in private email to me, has expressed the view that we shouldn't be calling these mechanisms "Lies" any more (I'm sure he will elaborate if he is inclined). I'm personally okay with that, and if there is agreement, we could just call this Compact Denial of Existence, and discard the "Lies" meme.

Shumon