RFC 5155

E204123

RFC 5155 is an Internet standards document that specifies the NSEC3 extension to DNSSEC, enhancing DNS security by providing authenticated denial of existence while mitigating zone enumeration.

All labels observed (1)

Label Occurrences
RFC 5155 canonical 2

How this entity was disambiguated

Statements (47)

Predicate Object
instanceOf Internet standards document
Request for Comments
addresses zone enumeration in DNSSEC
aimsTo enhance DNS security
prevent trivial enumeration of DNS zones
appliesTo DNS resource records
Domain Name System
area Security
category Standards Track
defines NSEC3 Opt-Out mechanism
NSEC3 hashing parameters
NSEC3 operational practices
NSEC3 owner name construction
definesExtension NSEC3
NSEC3PARAM
documentType Standards Track RFC
focusesOn authenticated denial of existence in DNSSEC
intendedStatus Standards Track
language English
mitigates DNS zone enumeration
networkLayer Application layer
obsoletes none
partOf DNSSEC specification suite
protocolFamily DNSSEC
surface form: DNS Security Extensions

DNSSEC
provides hashed authenticated denial of existence
publishedBy Internet Engineering Task Force
surface form: IETF

Internet Engineering Task Force
relatedTo RFC 4033
RFC 4034
RFC 4035
RFCNumber 5155
securityProperty authenticated denial of existence
reduced information leakage about zone contents
specifies NSEC3 record format
NSEC3PARAM record format
operational considerations for NSEC3
security considerations for NSEC3
use of cryptographic hash functions for NSEC3 records
standardsStatus Proposed Standard
stream IETF Stream
title DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
updates RFC 4034
RFC 4035
usesConcept iterative hashing of domain names
salted hashes
workingGroup DNSSEC
surface form: DNS Extensions (dnsext)

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

DNSSEC definedInRFC RFC 5155
RFC 4034 isUpdatedBy RFC 5155