Attacker can learn # of names in zone with NSEC5. Here are more complex schemes that hide the zone size. https://eprint.iacr.org/2014/905
@goldbe awesome talk on NSEC5. Can an attacker still use random probes to leak the zone size? Or are the covering names VRFd per query too?
-
-
-
interesting, will read - thanks! Size of zone considered competitive information by cloud providers, where name == customers
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.