Sorry for not thinking of these earlier, not sure if they would add anything or clarify anything or potentially protect resolvers from DOS attacks:
- Maybe some text warning about queries with excessive numbers of labels, and suggestions for limiting their impact? E.g. "If NUM_LABELS is more than 6, follow the algorithm for the first N labels (TBD for N), then do a binary search on the remaining labels at each zone cut discovered."
- Would it make sense to address ENTs (empty non-terminals), or use one of those in an example? Also, in zones signed with NSEC, is there any potential advantage to using NSEC records to "skip ahead" through the list of labels, if ENTs exist with no non-ENT siblings between the CHILD query and the actual zone cut?

Either of these might reduce the work, while still preserving the benefits of QNAME minimization, I believe.

Brian

On Mon, Sep 28, 2020 at 12:17 PM Paul Hoffman <[email protected]> wrote:
> Greetings again. We have not heard much recent input on the draft other
> than "remove the parts about it being experimental". We have done that,
> reorganized it to make it clear that QNAME minimisation is already
> well-deployed, and a few other cleanups.
>
> We think the document is ready for WG Last Call, if the chairs do as well.
>
> --Paul Hoffman
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>
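Added example, not part of the original message or of the draft: a small model of the first suggestion above, comparing how many queries a resolver sends for a many-label name with one-label-at-a-time minimisation versus "first N labels, then binary search". The value chosen for N, the referral model (a server refers to the shallowest zone cut at or above the queried depth) and the sample zone cuts are assumptions made for the illustration.

```python
MAX_PLAIN_LABELS = 6  # threshold quoted in the message above


def referral_depth(cuts, zone, depth):
    """Assumed server model: the zone at label depth `zone`, asked about the
    ancestor of the target that has `depth` labels, refers to the shallowest
    zone cut in (zone, depth], or returns None when the name is in-zone."""
    below = [c for c in cuts if zone < c <= depth]
    return min(below) if below else None


def query_depths(total, cuts, n_linear=None):
    """Return (label depths queried in order, depth of the deepest zone found).
    n_linear=None models plain minimisation: one more label per query.
    Otherwise names longer than MAX_PLAIN_LABELS get n_linear plain steps and
    a binary search over the remaining labels (N is TBD in the message)."""
    if n_linear is None or total <= MAX_PLAIN_LABELS:
        n_linear = total
    zone, asked = 0, []
    for depth in range(1, min(n_linear, total) + 1):
        asked.append(depth)
        cut = referral_depth(cuts, zone, depth)
        if cut is not None:
            zone = cut
    # Invariant: no undiscovered zone cut exists at depth <= lo.
    lo, hi = min(n_linear, total), total
    while lo < hi:
        mid = (lo + hi + 1) // 2
        asked.append(mid)  # this server sees `mid` labels, more than the minimum
        cut = referral_depth(cuts, zone, mid)
        if cut is None:
            lo = mid          # nothing delegated up to mid: look deeper
        else:
            zone = lo = cut   # referral names the cut: continue below it
    return asked, zone


if __name__ == "__main__":
    # Constructed cases: (number of labels in QNAME, depths of real zone cuts)
    for total, cuts in [(5, {1, 2}), (20, {1, 2, 5}), (100, {1, 2})]:
        plain, _ = query_depths(total, cuts)
        capped, zone = query_depths(total, cuts, n_linear=4)
        print(total, "labels:", len(plain), "vs", len(capped), "queries;",
              "deepest zone at depth", zone, "; capped depths", capped)
```

Under this model the query count grows logarithmically with the label count instead of linearly; the cost is that each midpoint query shows the current zone's servers more labels than strict minimisation would.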
