David Lawrence (Akamai Technologies) Jan Včelák (NS1) Shumon Huque (Salesforce)
NSEC5 is a proposed enhancement to DNSSEC that provably prevents zone enumeration. It does this by replacing the hashes used in NSEC3 with hashes computed by a verifiable random function (VRF), and requiring authoritative servers to perform a small amount of online cryptography for negative responses. This talk will give an overview of the latest NSEC5 protocol specification, and describe the results of implementing it and evaluating its performance.
|Talk Duration||30 Minutes|
Shumon Huque (Salesforce)