14-15 May 2017
Europe/Madrid timezone

NSEC5: Updated specification and implementation results

15 May 2017, 09:45
Standard Presentation Public Workshop Public Workshop: DNSSEC


David Lawrence (Akamai Technologies) Jan Včelák (NS1) Shumon Huque (Salesforce)


NSEC5 is a proposed enhancement to DNSSEC that provably prevents zone enumeration. It does this by replacing the hashes used in NSEC3 with hashes computed by a verifiable random function (VRF), and requiring authoritative servers to perform a small amount of online cryptography for negative responses. This talk will give an overview of the latest NSEC5 protocol specification, and describe the results of implementing it and evaluating its performance.
Talk Duration 30 Minutes

Primary author

Shumon Huque (Salesforce)


David Lawrence (Akamai Technologies) Jan Včelák (NS1)

Presentation Materials