> On 27 Mar 2024, at 19:37, Ondřej Surý <[email protected]> wrote: > > Both salt and iterations have absolutely no value for NSEC3 security (see the > RFC you just quoted), so just always use empty salt and zero iterations. > There’s no added value in fiddling with salt to fit into the SHA1 block.
IMO, there’s no added value in using NSEC3. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
