Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

• Previous message (by thread): Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
• Next message (by thread): Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/05/2022 02:18, Mukund Sivaraman wrote:

> If zone enumeration was not a real concern, NSEC3 would not
> exist. However, public DNS is a public tree and so we should have
> limited expectations for hiding names in it.

A significant motivation was to help defend database copyright in the 
zone content, rather than to explicitly hide particular entries.

With NSEC it was simply too easy for a third party to produce an 
infringing copy of the registry's entire database.

Ray

• Previous message (by thread): Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
• Next message (by thread): Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]