Hi folks,
We've requested an agenda slot at the DNSOP working group meeting at
IETF98 to talk about the NSEC5 protocol. Our chairs have requested that
we send out a note to the group ahead of time, so here it is.
This protocol has not to our knowledge been presented at dnsop before,
but has been discussed previously at other IETF venues, such as SAAG.
Sharon Goldberg has recently presented NSEC5 to good reception at
the following venues:
1) Real World Crypto conference, New York (Jan 2017)
2) IETF Boston Hub Meetup (Feb 2017)
3) DNS Privacy Workshop at NDSS'17 (Feb 2017)
The latest NSEC5 protocol now supports elliptic curve cryptography,
and uses verifiable random functions. The protocol has been implemented,
and we have good performance results to share.
There is a research paper, with many more details:
https://eprint.iacr.org/2017/099.pdf
The current draft for the NSEC5 spec is here:
https://tools.ietf.org/html/draft-vcelak-nsec5-04
Some IETF security folk have recommended that we split out the VRF
construction (currently described in the draft's appendix) into a
separate draft, as it may be useful to other IETF protocols. We think
that's a good idea and are working on it - we hope to have updated
drafts before the IETF98 draft cutoff deadline.
Hope to chat in person at IETF, and/or on the list.
Shumon, Sharon, Dimitris, Jan, and Dave.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
