On 07/05/2022 02:18, Mukund Sivaraman wrote:
If zone enumeration was not a real concern, NSEC3 would not exist. However, public DNS is a public tree and so we should have limited expectations for hiding names in it.
A significant motivation was to help defend database copyright in the zone content, rather than to explicitly hide particular entries.
With NSEC it was simply too easy for a third party to produce an infringing copy of the registry's entire database.
Ray
