[dns-operations] Evaluation of NSEC3-encloser attack

Jim Reid jim at rfc1035.com
Wed Mar 27 21:29:01 UTC 2024

Previous message (by thread): [dns-operations] Evaluation of NSEC3-encloser attack
Next message (by thread): [dns-operations] Evaluation of NSEC3-encloser attack
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> On 27 Mar 2024, at 19:37, Ondřej Surý <ondrej at sury.org> wrote:
> 
> Both salt and iterations have absolutely no value for NSEC3 security (see the RFC you just quoted), so just always use empty salt and zero iterations. There’s no added value in fiddling with salt to fit into the SHA1 block.

IMO, there’s no added value in using NSEC3.

Previous message (by thread): [dns-operations] Evaluation of NSEC3-encloser attack
Next message (by thread): [dns-operations] Evaluation of NSEC3-encloser attack
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list