FYI, we've updated the draft with the latest discussion "maybe consensus" about insecure vs servfail vs various nsec3 iteration counts.
-------------------- Start of forwarded message -------------------- From: [email protected] To: "Viktor Dukhovni" <[email protected]>, "Wes Hardaker" <[email protected]> Subject: New Version Notification for draft-hardaker-dnsop-nsec3-guidance-03.txt Date: Thu, 06 May 2021 14:54:37 -0700 A new version of I-D, draft-hardaker-dnsop-nsec3-guidance-03.txt has been successfully submitted by Wes Hardaker and posted to the IETF repository. Name: draft-hardaker-dnsop-nsec3-guidance Revision: 03 Title: Guidance for NSEC3 parameter settings Document date: 2021-05-06 Group: Individual Submission Pages: 7 URL: https://www.ietf.org/archive/id/draft-hardaker-dnsop-nsec3-guidance-03.txt Status: https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nsec3-guidance/ Htmlized: https://datatracker.ietf.org/doc/html/draft-hardaker-dnsop-nsec3-guidance Htmlized: https://tools.ietf.org/html/draft-hardaker-dnsop-nsec3-guidance-03 Diff: https://www.ietf.org/rfcdiff?url2=draft-hardaker-dnsop-nsec3-guidance-03 Abstract: NSEC3 is a DNSSEC mechanism providing proof of non-existence by promising there are no names that exist between two domainnames within a zone. Unlike its counterpart NSEC, NSEC3 avoids directly disclosing the bounding domainname pairs. This document provides guidance on setting NSEC3 parameters based on recent operational deployment experience. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -------------------- End of forwarded message -------------------- -- Wes Hardaker USC/ISI _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
