Compact DNSSEC Denial of Existence or Black Lies
2016
This document describes a technique to generate valid DNSSEC answers
on demand for non-existing names by claiming the name exists and
returning a NSEC record for it. These answers require only one NSEC
record and allow live-signing servers to minimize signing operations,
packet size, disclosure of zone contents and required knowledge of the
zone layout.
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
1
Citations
NaN
KQI