On Dec 26, 2024, at 14:25, Olafur Gudmundsson wrote:
>
> I would say online signing is way superior operating practice than off-line signing,
> there is no need for NSEC3 in on-line signing operations!
I asked whether NSEC3 was a good idea or not - a notable response was that without NSEC3,
John Levine:
> But this is a span of hashes. If you don't have the whole zone hashed,
> how are you going to find the span? If you do have the whole zone hashed,
> that doesn't sound like on-line signing.
There are definitely online-signing implementations where the names
are easy en
On Thu, 26 Dec 2024, Shumon Huque wrote:
On Thu, Dec 26, 2024 at 3:48 PM John R Levine wrote:
On Thu, 26 Dec 2024, Shumon Huque wrote:
However, I guess for online signers, there is in fact a small computational
advantage in not needing to dynamically construct a signed NSEC3 record
in ref
On Thu, Dec 26, 2024 at 3:48 PM John R Levine wrote:
> On Thu, 26 Dec 2024, Shumon Huque wrote:
> >
> > However, I guess for online signers, there is in fact a small computational
> > advantage in not needing to dynamically construct a signed NSEC3 record
> > in referral responses for delegated
On Thu, 26 Dec 2024, Shumon Huque wrote:
On Thu, Dec 26, 2024 at 2:05 PM John Levine wrote:
Someone is going to ask what about opt-out. I think the answer is that when
doing online signing it's easier to sign everything than try and find the
names whose hashes precede and follow the name you do
On Thu, Dec 26, 2024 at 2:05 PM John Levine wrote:
>
> Someone is going to ask what about opt-out. I think the answer is that when
> doing online signing it's easier to sign everything than try and find the
> names whose hashes precede and follow the name you don't want to sign.
>
I was original
> On Dec 26, 2024, at 14:05, John Levine wrote:
>
> It's fine, but two niggles:
>
> It appears that Shumon Huque said:
>> specific benefit for online signing implementations. Hence, there
>> does not appear to be a strong advantage to implementing Compact
>> Denial of Existence with NSEC
It's fine, but two niggles:
It appears that Shumon Huque said:
> specific benefit for online signing implementations. Hence, there
> does not appear to be a strong advantage to implementing Compact
> Denial of Existence with NSEC3. An existing implementation of
I'd say it more clearly
On Mon, Dec 23, 2024 at 11:21 PM Shumon Huque wrote:
>
> In light of this, I am contemplating revising the text in the draft about
> "no benefit" and adding a small section describing what needs to be done to
> implement this protocol with NSEC3. The changes are very simple. The
> owner name of
Quick follow-up here. After a private exchange with Paul V, I now
understand that his reference to the blog post was intended to help the
larger IETF last-call audience familiarize themselves with the topic. It
wasn't a comment specifically on the merits of supporting NSEC3.
Shumon.
On Mon, Dec 2
10 matches