[dns-operations] Historical reminiscences (was Re: nsec vs nsec3 use)
Jaap Akkerhuis
jaap at NLnetLabs.nl
Wed Apr 14 07:44:33 UTC 2021
Andrew Sullivan writes:
About this part:
> <...>
> raise problems for them due to zone walking[1], and so something else
> had to be created. The zone-walking-resistant NSEC3 was an
> opportunity to reintroduce opt-out,
>
> Maybe some others have a different memory of this, though?
>
> [1] As I heard it told, even the lawyers agreed it was stupid, but it
> was the consequence of some detail of the law. This hearsay is not
> admissible in any proceeding, I'm sure.
I do remember there was some discussion in Europe. At SIDN we (where
I was at that time) commissioned some academic research (Tilburg
University I think) to see whether NSEC was interfering with privacy
concerns (including European regulations). The conclusion was it
didn't, and got ignored. So development of NSEC3 started. The
opt-out thing got sneaked in and yes, the big zone problem was the
motive for that.
jaap