On 2023-03-28 06:41, Shumon Huque wrote:
> On Tue, Mar 28, 2023 at 10:01 AM Viktor Dukhovni
> <ietf-d...@dukhovni.org> wrote:
> > [ Multi-response to four upthread messages. ]
> > -------
> > On Fri, Mar 03, 2023 at 06:23:11PM -0500, Shumon Huque wrote:
> > > Thanks for your comments. We've posted an updated draft (-01):
> > >
> > > https://datatracker.ietf.org/doc/html/draft-huque-dnsop-compact-lies-01
> >
> > [ Copied from today's dns-operations post on the same general topic. ]
> >
> > A possibly inconvenient question, just to make sure we're not ignoring
> > the obvious sceptical position:
> >
> > * How compelling is compact DoE?
> >
> > The reason to ask is that both the original and now modified protocols
> > involve non-trivial complexity, and would likely require resolvers to
> > respond differently to queries with the DO bit set (pass them the NODATA
> > "truth" along with the NXNAME signal) vs. queries that don't request
> > validated answers (pass them the inferred NXDOMAIN).
> >
> > The savings vs. actual by-the-book NSEC responses appear to be a 2x
> > reduction in the number of signatures to compute (the SOA RRSIG is
> > presumably easily cached) and a 1.5x reduction in the number of
> > signatures to transmit (SOA + 1 NSEC, vs. SOA + 2 NSEC).
> >
> > Do the CPU and packet size reductions justify the additional protocol
> > complexity?
>
> I'll also regurgitate my message here from the dns-operations@ list
> thread:
>
> That's a reasonable question, and perhaps best directed to the
> originators of the scheme at Cloudflare. I don't know if there have
> been any measurement studies or analyses of the cost benefits vs
> by-the-book DNSSEC. There are currently 3 large commercial DNS
> providers that have had it deployed for a while now, so I suspect that
> it is here to stay.
Compact DoE should be seen through the lens of online signing and that
changes the perspective quite a bit for large providers. That the answer
is compact is a clear benefit but reducing the amount of work the
authoritative server has to perform is more important. The server does
not need to know the contents of the full zone, just that either the
name or the type in question does not exist. No need to look up closest
enclosers etc. Depending on how you've designed the internals of your
server this reduction in the work you have to perform is likely
substantial. The proposal for Compact DoE is also of benefit to
validating resolvers for normal workloads as fewer signatures have to be
validated. On the flip side there is the question of random prefix
attacks and RFC 8198, but then again "white-lies" and NSEC3 opt-out were
kind of the needle to that balloon so this (Compact DoE) is not making
that situation any worse.
/Christian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
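As an added illustration of the mechanics the thread argues about (not code from the draft, from Cloudflare, or from any of the posters), the following model encodes an NSEC type bitmap per RFC 4034 section 4.1.2, builds the two response shapes Viktor compares (Compact DoE: NODATA plus one NSEC carrying the NXNAME signal; by-the-book: NXDOMAIN plus two NSECs), counts the RRSIGs each carries, and shows the resolver-side split he describes: a DO=1 client receives the signed NODATA "truth", a DO=0 client receives the inferred NXDOMAIN. The NXNAME type code is a placeholder (the thread gives none; the draft is the authority), the RR and response classes are a minimal stand-in for real wire format, and all owner names are constructed.

```python
# Added example: a small model of Compact DoE vs by-the-book NSEC denial,
# with an RFC 4034 type-bitmap codec and the DO-bit-dependent resolver view.
from dataclasses import dataclass, field

# IANA RR type codes (real values)
TYPE_SOA, TYPE_RRSIG, TYPE_NSEC = 6, 46, 47
# ASSUMPTION: placeholder code for the NXNAME pseudo-type. The thread does
# not state it; consult the draft for the real allocation.
TYPE_NXNAME = 128
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def encode_type_bitmap(types):
    """RFC 4034 s4.1.2: windows of (window number, length, bitmap octets)."""
    windows = {}
    for t in sorted(set(types)):
        win, low = t >> 8, t & 0xFF
        bits = windows.setdefault(win, bytearray(32))
        bits[low >> 3] |= 0x80 >> (low & 7)
    out = bytearray()
    for win in sorted(windows):
        bits = windows[win]
        length = max(i + 1 for i, b in enumerate(bits) if b)  # drop trailing zeros
        out += bytes([win, length]) + bits[:length]
    return bytes(out)


def decode_type_bitmap(data):
    """Inverse of encode_type_bitmap; rejects malformed window lengths."""
    types, i = set(), 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("truncated NSEC type bitmap")
        win, length = data[i], data[i + 1]
        if not 1 <= length <= 32 or i + 2 + length > len(data):
            raise ValueError("malformed NSEC type bitmap window")
        for byte_index, b in enumerate(data[i + 2:i + 2 + length]):
            for bit in range(8):
                if b & (0x80 >> bit):
                    types.add((win << 8) | (byte_index << 3) | bit)
        i += 2 + length
    return types


@dataclass
class RR:
    name: str
    rtype: int
    rdata: bytes = b""


@dataclass
class Response:
    rcode: int
    authority: list = field(default_factory=list)

    def count(self, rtype):
        return sum(1 for rr in self.authority if rr.rtype == rtype)


def signed(name, rtype, rdata=b""):
    """An RRset plus the RRSIG an online signer must produce for it."""
    return [RR(name, rtype, rdata), RR(name, TYPE_RRSIG)]


def compact_nonexistent_name(qname, zone):
    """Compact DoE for a name that does not exist: NOERROR/NODATA with the
    SOA and one NSEC at the qname whose bitmap carries the NXNAME signal.
    No closest-encloser search is needed to build this."""
    bitmap = encode_type_bitmap([TYPE_RRSIG, TYPE_NSEC, TYPE_NXNAME])
    return Response(RCODE_NOERROR,
                    signed(zone, TYPE_SOA) + signed(qname, TYPE_NSEC, bitmap))


def by_the_book_nonexistent_name(zone, covering_owner, wildcard_cover_owner):
    """RFC 4035 NXDOMAIN: SOA, an NSEC covering the qname and an NSEC
    covering the wildcard at the closest encloser (owner names are the
    preceding existing names, constructed by the caller here)."""
    bitmap = encode_type_bitmap([TYPE_RRSIG, TYPE_NSEC])
    return Response(RCODE_NXDOMAIN,
                    signed(zone, TYPE_SOA)
                    + signed(covering_owner, TYPE_NSEC, bitmap)
                    + signed(wildcard_cover_owner, TYPE_NSEC, bitmap))


def has_nxname_signal(resp):
    return any(rr.rtype == TYPE_NSEC and TYPE_NXNAME in decode_type_bitmap(rr.rdata)
               for rr in resp.authority)


def resolver_view(upstream, do_bit):
    """DO=1: hand over the signed NODATA truth untouched. DO=0: turn the
    NXNAME signal into the plain NXDOMAIN the client expects, keeping only
    the SOA for negative caching."""
    if do_bit or not has_nxname_signal(upstream):
        return upstream
    return Response(RCODE_NXDOMAIN, [rr for rr in upstream.authority if rr.rtype == TYPE_SOA])


def signature_comparison():
    """RRSIGs on the wire: (compact, by-the-book) for a constructed query."""
    compact = compact_nonexistent_name("nope.example.", "example.")
    classic = by_the_book_nonexistent_name("example.", "m.example.", "example.")
    return compact.count(TYPE_RRSIG), classic.count(TYPE_RRSIG)


if __name__ == "__main__":
    c, b = signature_comparison()
    print(f"RRSIGs transmitted: compact={c} by-the-book={b}")
    print(f"RRSIGs computed with SOA RRSIG cached: compact={c - 1} by-the-book={b - 1}")
    resp = compact_nonexistent_name("nope.example.", "example.")
    print("DO=1 client rcode:", resolver_view(resp, True).rcode)
    print("DO=0 client rcode:", resolver_view(resp, False).rcode)
```

Running it reproduces the ratios in the quoted message: 2 vs 3 RRSIGs transmitted (1.5x) and, with the SOA signature cached, 1 vs 2 computed (2x). The `resolver_view` split is the extra behaviour Viktor counts against the scheme's complexity: a resolver cannot simply forward what it received, it has to consult the DO bit before deciding which answer a client sees.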