Roy That is on Thursday Agenda. Sorry for the mixuyp
On Mon, Jul 22, 2024 at 3:47 PM Roy Arends <r...@dnss.ec> wrote: > I saw this on the agenda for this afternoon. > > The proposed solution against zone-walking is to exclude names from an > nsec chain. > > Example, say "B" needs to kept private from zone-walking, so have: > > A.example. NSEC C.example. > B.example. A 192.168.10.10 > C.example. NSEC ... > > This is a terrible idea. This will break DNSSEC. Agressive negative > caching will make sure that B won't exist, since the A NSEC C record proves > it. > > Happy to discuss it in the WG this afternoon. > > Roy > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-le...@ietf.org >
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
