Network Working Group                                          B. Laurie
Internet-Draft                                                   Nominet
Expires: March 2, 2005 April 27, 2006                                        R. Loomis
                                                          September 2004
                                                        October 24, 2005

      Requirements related to DNSSEC Signed Proof of Non-Existence

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of section 3 of RFC 3667.

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she become becomes
   aware will be disclosed, in accordance with
   RFC 3668. Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts. Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on March 2, 2005. April 27, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2004). (2005).


   DNSSEC-bis uses the NSEC record to provide authenticated denial of
   existence of RRsets.  NSEC also has the side-effect of permitting
   zone enumeration, even if zone transfers have been forbidden.
   Because some see this as a problem, this document has been assembled
   to detail the possible requirements for denial of existence A/K/A
   signed proof of non-existence.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.   Non-purposes  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.   Zone Enumeration  Non-purposes . . . . . . . . . . . . . . . . . . . . . . . . .  3
   4.  Group 1 - Zone Enumeration II  . . . . . . . . . and exposure  . . . . . . . . . . .  4
   5.  Group 2 - Zone Enumeration III Size  . . . . . . . . . . . . . . . . . . . . .  4
   6.   Exposure of Contents  Group 3 - Compatibility and Transition . . . . . . . . . . . .  5
   7.  Group 4 - Empty Non-terminals  . . . . . . . .   4
   7.   Zone Size . . . . . . . .  5
   8.  Group 5 - DNSSEC-Adoption and Zone-Growth Relationship . . . .  6
   9.  Group 6 - Non-overlap of denial records with possible zone
       records  . . . . . . . . . . . . .   4
   8.   Single Method . . . . . . . . . . . . . .  7
   10. Group 7 - Exposure of Private Keys . . . . . . . . .   5
   9.   Empty Non-terminals . . . . .  7
   11. Group 8 - Minimisation of Zone Signing Cost  . . . . . . . . .  8
   12. Group 9 - DoS prevention/symmetric cost  . . . . . .   5
   10.  Prevention of Precomputed Dictionary Attacks . . . . .  8
   13. Group 10 - Acceptable Complexity . . .   6
   11.  DNSSEC-Adoption and Zone-Growth Relationship . . . . . . . .   6
   12.  Non-overlap of denial records with possible zone records . .   7
   13.  Exposure of Private Keys . .  8
   14. Group 11 - Correctness . . . . . . . . . . . . . . . .   7
   14.  Minimisation of Zone Signing Cost . . . .  9
   15. Group 12 - Purity of Namespace . . . . . . . . .   8
   15.  Minimisation of Asymmetry . . . . . . .  9
   16. Group 13 - Replay Attacks  . . . . . . . . . .   8
   16.  Minimisation of Client Complexity . . . . . . . .  9
   17. Group 14 - Security during Zone Transition . . . . .   8
   17.  Completeness . . . . . 10
   18. Group 15a - Universal Signing  . . . . . . . . . . . . . . . . 10
   19. Group 15b - Universal Signing  . . .   8
   18.  Purity of Namespace . . . . . . . . . . . . . 10
   20. Group 15c - Universal Signing  . . . . . . .   8
   19.  Replay Attacks . . . . . . . . . 10
   21. Group 16 - NSEC++ as seen by NSEC-only resolver  . . . . . . . 11
   22. Prioritization of Requirements . . . . . . .   8
   20.  Compatibility with NSEC . . . . . . . . . 11
   23. Requirements summary matrix  . . . . . . . . .   8
   21.  Compatibility with NSEC II . . . . . . . . 11
   24. Non-requirements . . . . . . . . .   9
   22.  Compatibility with NSEC III . . . . . . . . . . . . . . . .   9
   23.  Coexistence with NSEC  . . . . . . . . . . . . . . . . . . .   9
   24.  Coexistence with NSEC II . . . . . . . . . . . . . . . . . .   9 12
   25.  Protocol Design  . . . . . . . . . . . . . . . . . . . . . .   9
   26.  Process  . . . . . . . . . . . . . . . . . . . . . . . . . .   9
   27. Acknowledgements . . . . . . . . . . . . . . . . . . . . . .   9
   28. . 12
   26. Requirements notation  . . . . . . . . . . . . . . . . . . .   9
   29. . 12
   27. Security Considerations  . . . . . . . . . . . . . . . . . .  10
   30. . 12
   28. References . . . . . . . . . . . . . . . . . . . . . . . . .  10
   30.1 . 13
     28.1.  Normative References  . . . . . . . . . . . . . . . . . . .  10
   30.2 13
     28.2.  Informative References  . . . . . . . . . . . . . . . . . .  10 13
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  10 . . . 14
   Intellectual Property and Copyright Statements . . . . . . .  11 . . . 15

1.  Introduction

   NSEC records allow trivial enumeration of zones - a situation that
   has existed for several years but which has recently been raised as a
   significant concern for DNSSECbis deployment in several zones.
   Alternate proposals have been made that make zone enumeration more
   difficult, and some previous proposals to modify DNSSEC had related
   requirements/desirements that are relevant to the discussion.  In
   addition the original designs for NSEC/NXT records were based on
   working group discussions and the choices made were not always
   documented with context and requirements-- so some of those choices
   may need to be restated as requirements.  Overall, the working group
   needs to better understand the requirements for denial of existence
   (and certain other requirements related to DNSSECbis deployment) in
   order to evaluate the proposals that may replace NSEC.  The -01
   version of this document was presented at IETF61 on 10 November 2004
   along with a re-categorization of the then-current list of potential
   requirements.  This version of the document formalizes that re-
   categorization of the requirements, and is intended to serve as the
   basis for further discussions and evaluation of potential solutions.
   The final editing of the -02 document was principally conducted by
   Rip Loomis as Ben Laurie is now actively involved in writing
   documents and code to satisfy the requirements that this document
   attempts to enumerate.  As such, Rip is to blame for any newly
   introduced errors or lacking detail (and probably most of any such
   errors in previous versions as well).

2.  Terminology

   In the remainder of this document, "NSEC++" is used as shorthand for
   "a denial of existence proof that will replace NSEC".  "NSECbis" has
   also been used as shorthand for this, but we avoid that usage since
   NSECbis will not be part of DNSSECbis and therefore there might be
   some confusion.

2.  We also use the term "DNSSEC-TNG" A/K/A "DNSSECter".
   This is meant to indicate the current DNSSECbis plus whatever changes
   are required as part of NSEC++.  We expect that DNSSECter will likely
   still include the current NSEC record as well.

3.  Non-purposes

   This document does not currently document the reasons why zone
   enumeration might be "bad" from a privacy, security, business, or
   other perspective--except insofar as those reasons result in
   requirements.  Once the list of requirements is complete and vaguely
   coherent, the trade-offs (reducing zone enumeration will have X cost,
   while providing Y benefit) may be revisited.  The editors of this
   compendium received inputs on the potential reasons why zone
   enumeration is bad (and there was significant discussion on the
   DNSEXT WG mailing list) but that information fell outside the scope
   of this document.

   Note also that this document does not assume that NSEC *must* be
   replaced with NSEC++, if the requirements can be met through other
   methods (e.g., "white lies" with the current NSEC).  As is stated
   above, this document is focused on requirements collection and
   (ideally) prioritization rather than on the actual implementation.


4.  Group 1 - Zone Enumeration

   Authenticated denial and exposure

   Comprised of previous requirements numbered as 3, 4, 5, 6, 10, and 26

   The editors suggest that these boil down to: "DNSSECter should not permit trivial zone enumeration.

   Additional discussion:  NSEC (and NXT before it) provide a linked
   list that could be "walked"
   make it easier to trivially enumerate all the signed
   records in a zone.  This requirement is primarily (though not
   exclusively) important for zones than it is with plain DNS."

   We believe that either are delegation-only/
   -mostly or do not have reverse lookup (PTR) records configured, since
   enterprises that have PTR records for all A records have already
   provided this is a similar capability to enumerate the contents of DNS zones.

   Contributor: various

4.  Zone high-priority requirement.

   Threshold requirement: Enumeration II

   Zone enumeration should be is at least as difficult as it would be to
   effect non-trivial (where
   current NSEC provides a dictionary attack using simple DNS queries to do the same in
   an unsecured zone.

   (Editor comment: it linked list that is not clear how considered trivial to measure difficulty in this
   case.  Some examples could

   A concrete test might be monetary cost, bandwidth, processing
   power or some combination of these.  It has also been suggested that
   the requirement is that the graph of difficulty of enumeration vs.
   the fraction of the zone enumerated should be approximately the same
   shape in the two cases)

   Contributor: Nominet

5.  Zone Enumeration III

   Enumeration of a zone with random contents should computationally

   Editor comment: this is proposed as a way of evaluating the
   effectiveness of a proposal rather than as a requirement anyone would
   actually have in practice.

   Contributor: Alex Bligh

6.  Exposure of Contents

   NSEC++ should not expose any of the contents of the zone (apart from
   the NSEC++ records themselves, of course).

   Editor comment: this is a weaker requirement than prevention of
   enumeration, but certainly any zone that satisfied this requirement
   would infeasible to fully
   enumerate--this also satisfy reflects the trivial prevention of enumeration requirement. "goal requirement"

   Contributor: Ed Lewis

7. various

5.  Group 2 - Zone Size

   Requirement: NSEC++ should make it possible to take precautions
   against trivial zone size estimates.  Since not all zone owners care
   about others estimation of the size of a zone, it is not always
   necessary to prohibit trivial estimation of the size of the zone but
   NSEC++ should allow such measures.

   We believe that this is a "nice to have" item and not a true
   requirement, and recommend weighting it appropriately when
   considering solutions.

   Additional Discussion: Even with proposals based on obfuscating names
   with hashes it is trivial to give very good estimates of the number
   of domains in a certain zone.  Just send 10 random queries and look
   at the range between the two hash values returned in each NSEC++.  As
   hash output can be assumed to follow a rectangular random
   distribution, using the mean difference between the two values, you
   can estimate the total number of records.  It is probably sufficient
   to look at even one NSEC++, since the two hash values should follow a
   (I believe) Poisson distribution.

   The concern is motivated by some wording remembered from NSEC, which
   stated that NSEC MUST only be present for existing owner names in the
   zone, and MUST NOT be present for non-existing owner names.  If
   similar wording were carried over to NSEC++, introducing bogus owner
   names in the hash chain (an otherwise simple solution to guard
   against trivial estimates of zone size) wouldn't be allowed.

   One simple attempt at solving this is to describe in the
   specifications how zone signer tools can add a number of random
   "junk" records.

   Editor's comment: it is interesting that obfuscating names might
   actually make it easier to estimate zone size.

   Contributor: Simon Josefsson.

8.  Single Method

   Requirement:  A single NSEC++ method must be able to carry both
   old-style denial (i.e.  plain labels) and whatever the new style
   looks like.  Having two separate denial methods could result in
   cornercases where one method can deny the other

6.  Group 3 - Compatibility and vice versa.

   Additional discussion:  This requirement can help -bis folks to Transition

   Comprised of requirements previously numbered as 8, 20, 21, 22, 23,

   Editor comments: The editors suggest that these boil down to,
   "Current deployment of DNSSECbis with NSEC, by those who care not
   about zone enumeration, should not be affected by future NSEC++

   We believe that this is a
   smooth upgrade to -ter.  First they'd change the method while the
   content high priority requirement.

   NOTE: Requirement 8 is the same, then they can no longer truly applicable, because it would
   have mandated a change content of to the method. draft DNSSECbis documents that was not
   made before they were submitted for IESG review.

   Contributor: Roy Arends.

9. Various

7.  Group 4 - Empty Non-terminals


   Goal: Empty-non-terminals (ENT) should remain empty.  In other words,
   adding NSEC++ records to an existing DNS structure should not cause
   the creation of NSEC++ records (or related records) at points that
   are otherwise ENT.

   Editor comments: We believe that this is a low-priority desire and
   not a strict requirement, and we recommend that it be weighted
   appropriately when comparing possible solutions.

   Additional discussion: Currently NSEC complies with ENT requirement: NSEC implies the existence of an ENT
   with ownername  NSEC2 breaks that requirement, since
   the ownername is entirely hashed causing the structure to disappear.
   This is why EXIST was introduced.  But EXIST causes ENT to be
   non-empty-terminals. non-
   empty-terminals.  Next to the dissappearance of ENT, it causes (some)
   overhead since an EXIST record needs a SIG, NSEC2 and SIG(NSEC2).
   DNSNR honours this requirement by hashing individual labels instead
   of ownernames.  However this causes very long labels.  Truncation is
   a measure against very long ownernames, but that is controversial.
   There is a fair discussion of the validity of truncation in the DNSNR
   draft, but that hasn't got proper review yet.

   NOTE: (2005-07-29) The discussion above may need some updates based
   on NSEC3.

   Contributor: Roy Arends.

   (Editor comment: it is not clear to us that an EXIST record needs an
   NSEC2 record, since it is a special purpose record only used for
   denial of existence)

10.  Prevention of Precomputed Dictionary Attacks

   Requirement:  NSEC++ needs to provide a method to reduce the
   effectiveness of precomputed dictionary attacks.

   Additional Discussion:  Salt is a measure against dictionary attacks.
   There are other possible measures (such as iterating hashes in
   NSEC2).  The salt needs to be communicated in every response, since
   it is needed in every verification.  Some have suggested to move the
   salt to a special record instead of the denial record.  I think this
   is not wise.  Response size has more priority over zone size.  An
   extra record causes a larger response than a larger existing record.

   Contributor: Roy Arends.

   (Editor comment: the current version of NSEC2 also has the salt in
   every NSEC2 record)


8.  Group 5 - DNSSEC-Adoption and Zone-Growth Relationship

   Background: Currently with NSEC, when a delegation centric zone
   deploys DNSSEC, the zone-size multiplies by a non-trivial factor even
   when the DNSSEC-adoption rate of the subzones remains low--because
   each delegation point creates at least one NSEC record and
   corresponding signature in the parent even if the child is not


   Goal/Requirements: A delegation-only (or delegation-mostly) zone that
   is signed but which has no signed child zones should initially need
   only to add SIG(SOA), DNSKEY, and SIG(DNSKEY) at the apex, along with
   some minimal set of NSEC++ records to cover zone contents.  Further,
   during the transition of a delegation-only zone from 0% signed
   children to 100% signed children, the growth in the delegation-only
   zone should be roughly proportional to the percentage of signed child

   Editor comments: We believe that this is a medium-priority goal or
   desire and should be considered.  Because of the similarity of this
   item to the older "opt-in signed zones" proposal, we recognize that
   consideration of this item may bog down the DNSEXT WG and that a
   decision must be made by the WG chairs.

   Additional Discussion: This is why DNSNR has the Authoritative Only
   bit.  This is similar to opt-in for delegations only.  This (bit) is
   currently the only method to help delegation-centric zone cope with
   zone-growth due to DNSSEC adoption.  As an example, A delegation only
   zone which deploys DNSSEC with the help of this bit, needs to add
   more than that.

   NOTE: (2005-07-29) The discussion above may need some updates based
   on NSEC3.

   Contributor: Roy Arends.


9.  Group 6 - Non-overlap of denial records with possible zone records


   Goal: NSEC++ records should in some way be differentiated from
   regular zone records, so that there is no possibility that a record
   in the zone could be duplicated by a non-existence proof (NSEC++)

   Additional discussion:  This requirement

   Editor comment: We are not sure that this is derived from a discussion
   on the DNSEXT mailing list valid concern much
   less a requirement.  Even if there is an apparent conflict or
   overlap, the "conflicting" NSEC2 name _only_ appears in NSEC2
   records, and the other name _never_ appears in NSEC2 records.
   Protocols cannot protect against all possible silly or foolish
   actions, and should a randomly chosen salt produce an NSEC2 record
   that matches a zone entry (either current or future) then the
   solution will be to pick a new salt and re-sign the zone.

   Additional discussion: This requirement is derived from a discussion
   on the DNSEXT mailing list related to copyrights and domain names.
   As was outlined there, one solution is would be to put NSEC++ records in
   a separate namespace, e.g.: $ORIGIN
   873bcdba87401b485022b8dcd4190e3e IN NS ; your
   delegation 873bcdba87401b485022b8dcd4190e3e._no IN NSEC++ 881345... ;

   Contributor: various

   (Editor comment:  One of us still does  However, it is not see why a conflict
   matters.  Even if there obvious that this separate
   namespace is an apparent conflict or overlap, the
   "conflicting" NSEC2 name _only_ appears in NSEC2 records, and the
   other name _never_ appears in NSEC2 records.)

13. useful.

   Contributor: various

10.  Group 7 - Exposure of Private Keys

   Private keys associated with the public keys in the DNS should be
   exposed as little as possible.  It is highly undesirable for private
   keys to be distributed to nameservers, or to otherwise be available
   in the run-time environment of nameservers.

   We believe that this is a medium priority desire.  For some
   organizations the use of online keys may be an acceptable trade-off
   if it allows the prevention of zone enumeration.  On the other hand,
   there are some organizations which may be concerned about zone
   enumeration and for whom online storage/availability of keys on the
   authoritative servers may be unacceptable.

   Contributors: Nominet, Olaf Kolkman, Ed Lewis


11.  Group 8 - Minimisation of Zone Signing Cost

   The additional cost of creating an NSEC++ signed zone should not
   significantly exceed the cost of creating an ordinary signed zone.

   Contributor: Nominet

15.  Minimisation of Asymmetry

   Furthermore, DNSSEC++ should have to do as little additional work as necessary.
   More precisely, not make incremental signing of existing
   zones any "harder" (in terms of computational or administrative
   resources) than it currently is desirable for any with DNSSECbis/NSEC.

   We believe that this is a medium-priority desire.

   Contributor: Nominet

12.  Group 9 - DoS prevention/symmetric cost

   NSEC++ should not make Denial of Service (DoS) attacks significantly
   more effective than plain DNSSECbis.  Any increase in real-time cost incurred by
   at the nameservers name server (to respond) should correspond to be offset by a proportionate proportional
   increase in real-time cost to
   DNS `clients', e.g.  stub and/or `full-service' resolvers.

   Contributor: Nominet

16.  Minimisation of Client Complexity

   Caching, wildcards, CNAMEs, DNAMEs should continue to work without
   adding too much complexity at generate the client side.

   Contributor: Olaf Kolkman

17.  Completeness

   A proof of nonexistence original query.

   Editor comment: We believe that this is a low-priority desire.  In
   general DNSSEC makes DoS attacks against both authoritative and
   recursive DNS servers so much easier that the answer will be to
   increase available server CPU resources.  Further, we are not sure
   that this a realistic requirement given the other requirements for
   NSEC++.  In the end, we recommend that this be considered along with
   other factors when reviewing potential solutions.

   Contributor: Nominet

13.  Group 10 - Acceptable Complexity

   Caching, wildcards, CNAMEs, and DNAMEs should continue to work
   without significant increases in complexity at the client side--where
   complexity specifically includes complexity of operational usage and
   complexity of validator implementation.

   We believe that this is a medium priority desire.

   Contributor: Olaf Kolkman

14.  Group 11 - Correctness

   There should not be a proof of nonexistence possible for all nonexistent any valid
   data in the zone.  NOTE: This has a much different meaning than the
   way in which this requirement was stated as Completeness in the -01
   version of this document, based on further discussions with the
   original contributor.

   This requirement now appears to conflict with Group 5 above and has
   been given the same priority as Group 5 (previously requirement 11).
   The WG will need to resolve the conflict and remove one of the two
   goals/requirements from consideration.

   Contributor: Olaf Kolkman


15.  Group 12 - Purity of Namespace

   The name space should not be muddied with fake names or data sets.

   Contributor: Ed Lewis

19.  Replay Attacks

   NSEC++ should not allow a replay

   Editor comment: After further discussion with the contributor, this
   appears to be used to deny existence more of an
   RR awareness issue than a true requirement, and
   one that actually exists. may be possible to address on the implementation side.  See
   also Group 6, which appears to be based on similar concerns (although
   the similarity was not identified during discussions at IETF 61).

   Contributor: Ed Lewis

20.  Compatibility with NSEC

16.  Group 13 - Replay Attacks

   Requirement: NSEC++ should not introduce changes incompatible allow replay attacks that are any more
   effective than those which currently exist in DNSSECbis.

   Editor comment: This is a high-priority requirement.  The requirement
   was reworded based on further discussion with NSEC.

   Contributor: the original
   contributor and other WG members.  The basis for the rewording is
   that DNSSECbis by design does not allow replay attacks that deny a
   record which already exists.  However, attacks against a record which
   has been added will succeed (until the signature expires on the
   relevant NSEC)

   Contributor: Ed Lewis

21.  Compatibility with

17.  Group 14 - Security during Zone Transition

   Requirement: It should be possible to switch between NSEC II and NSEC++
   without any zone data appearing to be unsigned, insecure, or "partly
   secure" during the transition, taking into account externally cached

   Additional discussion: We never want an end-user to see
   "inconsistently signed" data.  Both positive and negative answers
   should differ from still be able to be validated.

   Editor comment: This is a newly identified requirement.  This is at
   least highly desirable and perhaps a hard-and-fast requirement.

18.  Group 15a - Universal Signing

   Editor comment: The 15 a/b/c nomenclature is used in this version for
   consistency with the presentation made to DNSEXT by the editors
   during IETF 61 in DC.  This should probably be fixed in some way for
   the next version of this document...hopefully in a way that minimizes

   Requirement: "Every zone that can be signed with DNSSECbis can also
   be signed with DNSSECter."  (We believe that this is all zones, but
   do not want to prove it nor raise the bar for DNSSECter.)

   Additional discussion: This is a newly-identified, hard-and-fast

19.  Group 15b - Universal Signing

   Requirement: It should be possible to sign all zones with DNSSECter.

   Additional discussion: Newly identified requirement.  We rate this as
   highly desirable.

20.  Group 15c - Universal Signing

   Requirement: If it is not possible to sign all zones with NSEC++,
   then it should be clearly defined which zones cannot be signed.

   This is a newly identified, hard-and-fast requirement.

21.  Group 16 - NSEC++ as seen by NSEC-only resolver

   Requirement: An NSEC++ (only) zone, regardless of whether parent uses
   NSEC or NSEC++, should appear as consistently unsigned when seen by
   an NSEC-only resolver.

   Basis: We never want an end-user to see "inconsistently signed" data.

   This is a newly-identified requirement.  This is at least highly
   desirable and perhaps a hard-and-fast requirement.

22.  Prioritization of Requirements

   Clearly not all of these requirements can be met.  Therefore the
   editors have attempted to prioritize the requirements as they
   understand the relevant impacts and needs.  The following lists give
   details as to the prioritization.  The order of listing within each
   priority level is also intended to show which requirements should be
   given higher priority if a "tie-breaker" is needed.  Further, there
   are likely some potential DNSSEC users who would assign different
   priorities to specific requirement sets--these are meant to be an
   overall list that best serves the wider community.

   High priority: Group 1 (Zone enumeration and exposure), group 3
   (compatibility and transition), group 13 (replay), group 15a
   (universal signing), and group 15c (universal signing).

   Medium priority: Group 14 (security during transition), group 15b
   (universal signing), Group 16 (NSEC-only resolver results), group 5
   (adoption and zone growth), group 11 (completeness), group 7
   (exposure of signing keys), group 10 (complexity), group 12 (DNS
   "purity"), group 8 (zone signing cost)

   Low priority: Group 9 (DoS prevention), group 2 (zone size), group 4
   (Empty non-terminals), group 6 (non-overlap in a way namespace)

23.  Requirements summary matrix

   A HTML-ized matrix that is transparent to summarizes the
   resolver or validator.

   Contributor: Ed Lewis

22.  Compatibility with NSEC III

   NSEC++ should differ from NSEC as little as possible whilst achieving
   other requirements.

   Contributor: Alex Bligh

23.  Coexistence with NSEC

   NSEC++ should relationships between the
   requirements (as they were identified in version -01 of this
   document) is available at Ideally
   this HTML-ized matrix will be optional, allowing NSEC updated to be used instead.

   Contributor: Ed Lewis, Alex Bligh

24.  Coexistence with NSEC II

   NSEC++ should not impose extra work on those content with NSEC.

   Contributor: Ed Lewis

25.  Protocol Design

   A good security protocol would allow signing match the nonexistence of some
   selected names without revealing anything about other names.

   Contributor: Dan Bernstein

26.  Process

   Clearly not all slight terminology
   changes in this version of these requirements can the document, but even if it is updated it
   will be met.  Therefore difficult to include its presentation in any useful form in
   an ASCII text I-D.  It is possible that the next
   phase version of this document
   Draft will be complemented by a PDF version that includes the
   (updated) matrix.

24.  Non-requirements

   Explicit non-requirement: Prevent enumeration of RR types for a given

   Even if it is notionally possible to either prioritise them or narrow
   them down to provide this capability, we
   expect a non-contradictory set, which should then allow us steep cost and little benefit.

   Future provision of this capability is not prevented, if warranted.

25.  Acknowledgements

   The editors are indebted to
   judge proposals on all the basis individuals who provided feedback
   on this and previous versions of their fit.

27.  Acknowledgements

28. this Internet Draft.  In particular,
   but in no particular order, Simon Josefsson, Roy Arends, Ed Lewis,
   Olafur Gudmondsson, Olaf Kolkman, Alex Bligh, Bill Manning, Rob
   Austein, and Rob Payne each asked specific questions or provided
   specific content that helped the editors in refining this document.

26.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].


27.  Security Considerations

   There are currently no only very limited security considerations called out in
   draft. draft, primarily related to questions of whether some of the
   methods for avoiding zone enumeration might require a message to be
   cryptographically signed "on the fly", which would imply that private
   keys must in some way be accessible on authoritative nameservers.

   There will be security considerations in the choice of which
   requirements will be implemented, but there are no specific security
   requirements during the requirements collection process.


28.  References


28.1.  Normative References

              "DNSSECbis Protocol Definitions", BCP XX, RFC XXXX, Some
              Month 2004.


28.2.  Informative References

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2418]  Bradner, S., "IETF Working Group Guidelines and
              Procedures", BCP 25, RFC 2418, September 1998.

Authors' Addresses

   Ben Laurie
   17 Perryn Road
   London  W3 7LR

   Phone: +44 (20) 8735 0686

   Rip Loomis
   Science Applications International Corporation
   7125 Columbia Gateway Drive, Suite 300
   Columbia, MD  21046



Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at

Disclaimer of Validity

   This document and the information contained herein are provided on an

Copyright Statement

   Copyright (C) The Internet Society (2004). (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


   Funding for the RFC Editor function is currently provided by the
   Internet Society.