|
3.
Zone Enumeration |
4.
Zone Enumeration II |
5.
Zone Enumeration III |
6.
Exposure of Contents |
7.
Zone Size |
8.
Single Method |
9.
Empty Non-terminals |
10. Prevention of Precomputed Dictionary Attacks |
11. DNSSEC-Adoption and Zone-Growth Relationship |
12. Non-overlap of denial records with possible
zone records |
13. Exposure of Private Keys |
14. Minimisation of Zone Signing Cost |
15. Minimisation of Asymmetry (a) |
16. Minimisation of Client Complexity (a) |
17. Completeness |
18. Purity of Namespace |
19. Replay Attacks |
20. Compatibility with NSEC |
21. Compatibility with NSEC II |
22. Compatibility with NSEC III (a) |
23. Coexistence with NSEC |
24. Coexistence with NSEC II |
25. Coexistence with NSEC III |
26. Allow Partially Signed Zones (d) |
27. Protocol Design |
|
|
|
|
|
|
|
|
|
| 3.
Zone Enumeration |
|
|
|
|
|
|
|
(b) |
|
|
|
|
|
|
|
|
A proposal exists that reconciles
these two, or it is obvious they can be, or they are unrelated |
| 4.
Zone Enumeration II |
|
|
|
|
|
|
|
|
|
|
|
(b) |
|
|
|
|
|
|
|
|
No proposal exists to reconcile
these two, nor is it obvious they can be |
|
| 5.
Zone Enumeration III |
|
|
|
|
|
|
|
|
(b) |
|
|
|
|
|
|
|
|
These two cannot be reconciled |
|
| 6.
Exposure of Contents |
|
|
|
|
|
|
|
(b) |
|
|
|
|
|
|
|
|
The left requirement implies the
right one |
|
| 7.
Zone Size |
|
|
|
|
|
|
|
|
|
|
|
|
| 8.
Single Method |
|
|
|
|
|
|
|
|
| 9.
Empty Non-terminals |
|
|
|
|
|
|
|
|
|
|
|
| 10.
Prevention of Precomputed Dictionary Attacks |
|
|
|
|
|
|
|
|
(b) |
|
|
|
|
|
|
|
(a) Since this is expressed as a
minimisation, it is always possible to satisfy |
|
| 11.
DNSSEC-Adoption and Zone-Growth Relationship |
|
|
|
|
|
|
|
|
(b) Although this is technically a
problem, the probabilities involved are astronomically low |
|
| 12.
Non-overlap of denial records with possible zone records |
|
|
|
|
|
|
|
|
(d) 26 is actually the same as 11.
Oops. |
|
| 13.
Exposure of Private Keys |
|
|
|
|
|
|
|
|
| 14.
Minimisation of Zone Signing Cost |
|
|
|
|
|
|
|
|
|
|
| 15.
Minimisation of Asymmetry (a) |
|
|
|
|
|
|
|
|
| 16.
Minimisation of Client Complexity (a) |
|
|
|
|
|
|
|
|
| 17.
Completeness |
|
|
|
|
|
|
|
|
|
|
| 18.
Purity of Namespace |
|
|
|
|
|
|
|
|
|
|
|
|
| 19.
Replay Attacks |
|
|
|
|
|
|
|
|
|
|
|
| 20.
Compatibility with NSEC |
|
|
|
|
|
|
|
|
|
|
|
| 21.
Compatibility with NSEC II |
|
|
|
|
|
|
|
|
|
|
|
| 22.
Compatibility with NSEC III (a) |
|
|
|
|
|
|
| 23.
Coexistence with NSEC |
|
| 24.
Coexistence with NSEC II |
|
|
|
|
|
|
| 25.
Coexistence with NSEC III |
|
|
|
|
|
|
| 26.
Allow Partially Signed Zones (d) |
|
| 27.
Protocol Design |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|