Technical Analysis of the Naming Scheme Used For Individual Root Servers (R4)


Date Issued:
Document: Technical Analysis of the Naming Scheme Used For Individual Root Servers (R4)
Reference ID: RSSAC028
Current Phase: Closed



Description:

Study reducing the priming response size.

When considering the priming response under DNSSEC, the scheme explained in Section 5.6 generated the smallest possible size, as expected. However, some implementations would become brittle if this naming scheme was adopted. Future work in this area could include modeling and proposing protocol changes to support this configuration, noting that the total cost shown by such a model might exceed the accompanying total benefit. RSSAC should study having a specific upper limit on the size of priming responses where the query has DO=1. Research to reduce the response size might consider:

  • Choosing a naming scheme with a single root server name
  • Testing the consequences of all large responses having the TC bit set
  • Backward-compatible protocol enhancements using EDNS0 to support a priming-specific single signature over the entire priming set (NS, A, AAAA, DNSKEYs).

Further, more speculative studies about how to reduce the response size might include:

  • Using different cryptographic algorithms
  • Advertising what is expected in the Additional section (this would require modifying the DNS protocol)
  • Having a single key for the root zone instead of the current KSK + ZSK scheme
  • Effects of leaving the Additional section in priming responses empty


STATUS UPDATES

Date | Phase | Type | Status Updates