During the mic discussions of NSEC5 yesterday, some speakers conflated a few things.

- NSEC3 with a good dictionary allows a fair amount of zone enumeration, but NSEC3 White Lies does not. Sharon did a good job of differentiating this in her slides, but people talking about the need for NSEC5 did not.

- White Lies can be done with NSEC, not just with NSEC3. RFC 7129 calls these "minimally covering NSEC records". I would think that doing NSEC White Lies would require less CPU than doing NSEC3 White Lies (but I haven't done the work to be sure).

When saying why one prefers NSEC5 over the current solutions, it is good to be specific which of the current solutions we are talking about.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
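
An added example, not part of the original message or of any implementation discussed on the list: what answering one negative query with an NSEC3 White Lie involves, namely computing the RFC 5155 hash of the queried name and covering it with the span from H-1 to H+1. The function names, salt and iteration count are assumptions for illustration, and signing the resulting record is left out.

```python
import hashlib

B32HEX = "0123456789abcdefghijklmnopqrstuv"  # RFC 4648 base32hex, lowercase


def wire_name(name):
    """Canonical (lowercased) DNS wire format of a non-root domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: SHA-1(name || salt), then `iterations` extra rounds."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return int.from_bytes(digest, "big")


def b32hex(value):
    """Encode a 160-bit integer as the 32-character NSEC3 owner label."""
    return "".join(B32HEX[(value >> shift) & 31] for shift in range(155, -1, -5))


def white_lie(qname, salt, iterations):
    """Return (owner, hashed qname, next) labels for a minimally covering NSEC3.

    The span is H-1 .. H+1, so the answer reveals nothing about names that
    really exist in the zone. Arithmetic is modulo 2^160 so a hash at either
    end of the space wraps around, as the last NSEC3 in a chain does.
    """
    h = nsec3_hash(qname, salt, iterations)
    mod = 1 << 160
    return b32hex((h - 1) % mod), b32hex(h), b32hex((h + 1) % mod)


if __name__ == "__main__":
    # Constructed sample input: hypothetical query name, salt and iterations.
    owner, hashed, nxt = white_lie("nonexistent.example", bytes.fromhex("aabbccdd"), 12)
    print(f"H(qname) = {hashed}")
    print(f"{owner}.example. NSEC3 1 0 12 aabbccdd {nxt}")
```

Every negative answer costs iterations + 1 SHA-1 rounds before the record can be built and signed.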
