At 22:44 +0200 4/18/06, Roy Arends wrote:
>The response would include
>13 NSEC3 14 to show there's a g.h.example.
>5 NSEC3 10 to show there's no g.g.h.example.
>And that is the beauty of the closest encloser. Since you've proved that
>g.h.example is the closest encloser, by showing g.g.h.example does not
>exist, you don't have to prove anything CLOSER exist.
Okay, it's not as bad as I thought. The second NSEC3 record to me is
a significant difference from the NSEC approach, the difference is
caused by losing the tree structure in hashing.
I still wonder what the impact of the validator's guessing of the
"meaning" of the CE hash will be on performance, as well as the rules
at the cut points. (The latter is also a problem with the NSEC, you
need to know if you have the upper or lower NSEC in the proof and if
it is the right one.)
Edward Lewis +1-571-434-5468
Nothin' more exciting than going to the printer to watch the toner drain...
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.