NSEC3

1
NSEC3

• Increasing zone enumeration cost
• Decreasing initial deployment cost
• IETF-60
• roy_at_dnss.ec

2
NSEC3 basics

• lists the next NSEC3s canonical ordered,
  optionally hashed owner name.
• Lists types at original owner name.
• Owner name may be hashed (by hashing individual
  labels)
• Delegation points to unsigned zone optionally
  excluded from the NSEC3 chain. (Opt-In)

3
NSEC3 hashed labels

• Labels are individually hashed.
• empty non-terminals are preserved to avoid EXIST
  or similar workarounds.
• Labels are optionally hashed.
• So we have bw compatibility with NSEC. Not needed
  ? Dont use it !
• Includes salt to increase cost of dictionary
  attacks.
• Salt is 24 bits.

4
NSEC3 hash truncation

• Discussed in the draft, no reactions so far.
• What is the damage when hashes are truncated to
  the smallest unique value.
• Truncation causes higher collision probability.
• Collision damage
• Limited to a higher probability to spoof
  non-existent names as existent.
• NOT POSSIBLE TO SPOOF EXISTENT NAMES AS
  NON-EXISTENT(as existent names will have a
  truncated hash associated)

5
NSEC3 Opt-in

• Original Opt-in spec technically sound.
• Tested, implemented, drafted.
• Opt-in methodology orthogonal wrt hashed labels.
• Addresses initial size increase of delegation
  centric zones.
• It is optional.

6
Questions

• The current draft is at
• http//www.logmess.com/roy/
• Will do OOB QA, come and see me afterwards.