The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'Compact Denial of Existence in DNSSEC' <draft-ietf-dnsop-compact-denial-of-existence-05.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-c...@ietf.org mailing lists by 2024-12-23. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes a technique to generate a signed DNS response on demand for a non-existent name by claiming that the name exists but doesn't have any data for the queried record type. Such answers require only one minimal NSEC record, allow online signing servers to minimize signing operations and response sizes, and prevent zone content disclosure. This document updates RFC 4034 and 4035. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/ The following IPR Declarations may be related to this I-D: https://datatracker.ietf.org/ipr/6089/ https://datatracker.ietf.org/ipr/6090/ The document contains these normative downward references. See RFC 3967 for additional information: rfc7129: Authenticated Denial of Existence in the DNS (Informational - Independent Submission stream) _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
