On 4/28/16, 18:05, "DNSOP on behalf of Matthew Pounsett"
wrote:
> On 28 April 2016 at 06:37, Edward Lewis wrote:
>>
>> Not sure if that answers the question fully. Hope it helps.
>
> It helps, for sure. So if I
On 28 April 2016 at 06:37, Edward Lewis wrote:
>
> Not sure if that answers the question fully. Hope it helps.
>
It helps, for sure. So if I understand you correctly, at the TLD level
it's 4:1 in favour of NSEC3, and all of those are opt-out.
I imagine that will change
Matthew (and Shane),
>>>Also, I'm not sure that it is fair to say "most zones are not signed
>>>with NSEC". I guess most *TLD* are signed with NSEC3 either for zone
>>>size reasons or in a (misguided IMHO) attempt to keep the zone
>>>contents secret. But is this true for domains that are not
Matthew,
At 2016-04-27 08:29:46 -0700
Matthew Pounsett wrote:
> On 19 April 2016 at 08:13, Shane Kerr wrote:
>
> > Also, I'm not sure that it is fair to say "most zones are not signed
> > with NSEC". I guess most *TLD* are signed with NSEC3
> From: Shumon Huque
> For just the TLDs, "most" is true; I have some data at:
>
> https://www.huque.com/app/dnsstat/category/tld/dnssec/
>
> In short, 895 or 79.1% of the signed TLDs are using NSEC3
Many TLDs use NSEC3 with OPT-OUT.
# JP uses NSEC3 with OUT-OUT.
On Wed, Apr 27, 2016 at 11:29 AM, Matthew Pounsett
wrote:
>
>
> On 19 April 2016 at 08:13, Shane Kerr wrote:
>
>> Also, I'm not sure that it is fair to say "most zones are not signed
>> with NSEC". I guess most *TLD* are signed with NSEC3 either
On 19 April 2016 at 08:13, Shane Kerr wrote:
> Also, I'm not sure that it is fair to say "most zones are not signed
> with NSEC". I guess most *TLD* are signed with NSEC3 either for zone
> size reasons or in a (misguided IMHO) attempt to keep the zone contents
>
Stephane,
At 2016-04-15 16:13:44 +0200
Stephane Bortzmeyer wrote:
> On Sun, Apr 10, 2016 at 10:18:11AM -0400,
> Tim Wicinski wrote
> a message of 35 lines which said:
>
> > This starts a Call for Adoption for Aggressive use of NSEC/NSEC3
> >