Just learned there is a theorem that protecting against zone enumeration requires some sort of "online" crypto, assuming you need authentication or osmething. Ask if you want me to try to find a reference.
It came up in a talk on NSEC5 which requires sharing the secret key for a verifiable random function (VRF) with the name server, but not the zone key. http://eprint.iacr.org/2016/083 http://www.cs.bu.edu/~goldbe/papers/nsec5.html Not sure any of this stuff would be relevant for GNS type schemes.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
