Greetings all,
Viktor and I have been working on a BCP to provide guidance on selecting reasonable NSEC3 parameters. We'd love your feedback and for dnsop to consider adopting it. A new version of I-D, draft-hardaker-dnsop-nsec3-guidance-02.txt has been successfully submitted by Wes Hardaker and posted to the IETF repository. Name: draft-hardaker-dnsop-nsec3-guidance Revision: 02 Title: Guidance for NSEC3 parameter settings Document date: 2021-02-19 Group: Individual Submission Pages: 7 URL: https://www.ietf.org/archive/id/draft-hardaker-dnsop-nsec3-guidance-02.txt Status: https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nsec3-guidance/ Htmlized: https://datatracker.ietf.org/doc/html/draft-hardaker-dnsop-nsec3-guidance Htmlized: https://tools.ietf.org/html/draft-hardaker-dnsop-nsec3-guidance-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-hardaker-dnsop-nsec3-guidance-02 Abstract: NSEC3 is a DNSSEC mechanism providing proof of non-existence by promising there are no names that exist between two domainnames within a zone. Unlike its counterpart NSEC, NSEC3 avoids directly disclosing the bounding domainname pairs. This document provides guidance on setting NSEC3 parameters based on recent operational deployment experience. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -- Wes Hardaker USC/ISI _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
