7 May
2022
7 May
'22
12:12 p.m.
On 07/05/2022 02:18, Mukund Sivaraman wrote:
If zone enumeration was not a real concern, NSEC3 would not exist. However, public DNS is a public tree and so we should have limited expectations for hiding names in it.
A significant motivation was to help defend database copyright in the zone content, rather than to explicitly hide particular entries. With NSEC it was simply too easy for a third party to produce an infringing copy of the registry's entire database. Ray