> On 22 Oct 2021, at 4:48 am, Vladimír Čunát <vladimir.cunat+i...@nic.cz> wrote:
>
> Example micro-benchmark doing just the NSEC3 hashing shows that even quite
> long 32B salt has little effect but 255B adds a noticeable multiplicative
> factor. Therefore I'd suggest that NSEC3 records with salt > 32B may be
> ignored or something similar; I don't expect they really exist in practice
> and we still shave some factor from attacks. That's all assuming we can't
> afford pushing the validator limits very close to zero iterations.

The observed salt lengths from my NSEC3 scan were as listed below, so
there's a large cluster of ~291k zones with 40 byte salts. It looks like
the recent burst of signing by hostpoint.ch used that salt length. We
could suggest they reconsider that choice.

The small cluster of 125 zones with 64 byte salts looks dominated by (but
not exclusive to) kilobajt.sk. The 3 outliers at 255 were: matejgroma.com,
saren.sa and saren.org.sa.

    Salt length (bytes)      Zones
                      0     167477
                      1    2010575
                      2     237576
                      3      15971
                      4     965075
                      5    1164236
                      6      11130
                      7       1224
                      8    7465501
                      9        909
                     10       1821
                     11        928
                     12      17848
                     13        884
                     14        982
                     15        158
                     16      87950
                     17         25
                     18         59
                     19        136
                     20       7221
                     21        216
                     22        193
                     23        220
                     24       9192
                     25        125
                     26        123
                     27         96
                     28         51
                     29         44
                     30         38
                     31         33
                     32        584
                     33         11
                     34         10
                     35          5
                     36          3
                     37          1
                     39          1
                     40     291294
                     44          1
                     64        125
                    120          1
                    128          1
                    255          3

--
    Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
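
Added example, not part of the message above and not the benchmark it quotes: an RFC 5155 NSEC3 hash in Python, plus a count of the SHA-1 compression calls each iteration needs for a given salt length, applied to a subset of the salt-length table. The function names and the block-count cost model are assumptions of this sketch; it counts 64-byte SHA-1 blocks, it does not measure time.

```python
import base64
import hashlib

SHA1_BLOCK = 64    # bytes consumed per SHA-1 compression-function call
SHA1_DIGEST = 20   # bytes of digest fed back in on every iteration
SHA1_PAD_MIN = 9   # mandatory padding: 0x80 marker + 8-byte message length

# Map the RFC 4648 base32 alphabet onto base32hex, lower-cased as in zone files.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")

def wire_name(name):
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: H(x || salt), then `iterations` additional rounds."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode("ascii")

def blocks_per_iteration(salt_len):
    """SHA-1 compression calls needed to hash (digest || salt) once."""
    return -(-(SHA1_DIGEST + salt_len + SHA1_PAD_MIN) // SHA1_BLOCK)

def summarize(histogram):
    """Total the zone counts by per-iteration cost in SHA-1 blocks."""
    by_cost = {}
    for salt_len, zones in histogram.items():
        cost = blocks_per_iteration(salt_len)
        by_cost[cost] = by_cost.get(cost, 0) + zones
    return dict(sorted(by_cost.items()))

# Subset of the salt-length counts from the table in the message above.
SCAN_SUBSET = {0: 167477, 8: 7465501, 32: 584, 40: 291294, 64: 125, 255: 3}

if __name__ == "__main__":
    for length in sorted(SCAN_SUBSET):
        print(f"salt {length:3d}B: {blocks_per_iteration(length)} block(s) "
              f"per iteration, {SCAN_SUBSET[length]} zones")
    print(summarize(SCAN_SUBSET))
```

Under this model every salt up to 35 bytes costs one block per iteration, the 40 and 64 byte clusters cost two, and 255 bytes costs five.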