Speakers
David Lawrence
(Akamai Technologies)
Jan Včelák
(NS1)
Shumon Huque
(Salesforce)
Description
NSEC5 is a proposed enhancement to DNSSEC that provably prevents zone enumeration. It does this by replacing the hashes used in NSEC3 with hashes computed by a verifiable random function (VRF), and requiring authoritative servers to perform a small amount of online cryptography for negative responses. This talk will give an overview of the latest NSEC5 protocol specification, and describe the results of implementing it and evaluating its performance.
Talk Duration | 30 Minutes |
---|
Primary author
Shumon Huque
(Salesforce)
Co-authors
David Lawrence
(Akamai Technologies)
Jan Včelák
(NS1)