[dns-operations] nsec vs nsec3 use

Grant Taylor gtaylor at tnetconsulting.net
Tue Apr 13 15:58:16 UTC 2021

Hi Viktor,

On 4/12/21 7:51 PM, Viktor Dukhovni wrote:
> my advice is to use NSEC unless you have an absolutely compelling 
> case to attempt to deter zone enumeration

Would you please elaborate on why that is your opinion / advice?

It seems contrary to the litmus test of which is more secure vs 
difficult to implement.

I'm trying to understand your thought process and subsequently make a 
more informed decision myself.

Thank you for your time.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210413/e3a255df/attachment.bin>

More information about the dns-operations mailing list