[dns-operations] NSEC3 parameter selection (BCP: 1 0 0 -)

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Mon Jan 18 20:53:20 UTC 2021

On 1/18/21 7:55 PM, Viktor Dukhovni wrote:
> The non-empty salt is pointless, but basically harmless.
> [...]
> Because:
>      1.  Every zone is effectively already salted, because as you
>          note below the hash covers the FQDN.
>      2.  Changing the salt takes some care, so "nobody" does it.
>      3.  Combining 1 and 2 we conclude that a fixed salt is no
>          better than an empty salt.

OK.  I do agree that salt is pointless *unless* rotated.  Even the
original RFC 5155 clearly says that "The salt SHOULD be changed
periodically".  And to me it just... seemed relatively easy to do, if
you already do re-signing, rotating *SKs, etc.  Both technically and in
https://www.knot-dns.cz/docs/3.0/singlehtml/#nsec3-salt-lifetime (since
2016 in this case).

The best part IMHO is that rotating a few bytes of salt is relatively 
easy and cheap for the good guys, in comparison to how much it hinders 
dictionaries.  Properties of the iteration count seem far worse.

> It would be good to see all the iteration counts drop to 10 or less,
> ideally just 0.

Certainly.  100 iterations seems ridiculous to me and I'm surprised the 
number got such a large share, though perhaps I'm personally biased 
against trying to hide contents of common TLD zones by NSEC3.
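Worked example, added here and not part of the thread or of any DNS software discussed in it: an RFC 5155 NSEC3 hash implementation checked against the RFC's own Appendix A vector (example., salt aabbccdd, 12 iterations), plus a small model of the dictionary attack the two posters are weighing. The zone contents, the attacker's wordlist and the second salt are constructed for the demonstration. It shows the three points made above: the full owner name goes into the hash, so a table is per-zone regardless of salt; a fixed salt buys nothing once the attacker has built a table for it, while a new salt throws the table away; and each extra iteration is one more SHA-1 per name for signer, validating resolver and attacker alike.

```python
"""NSEC3 hashing (RFC 5155 section 5) and a small dictionary-attack model.
Added example, not code from the dns-operations thread or from Knot DNS."""
import base64
import hashlib

# base32hex (RFC 4648 section 7) via the standard alphabet and a translation
# table, so this runs on Pythons older than 3.10 (which added b32hexencode).
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789abcdefghijklmnopqrstuv")


def wire_name(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase labels, each prefixed
    by its length, terminated by the zero-length root label."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    out = bytearray()
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt).
    Hash algorithm 1 (SHA-1) is the only one RFC 5155 defines.  One SHA-1 per
    iteration, for everyone who has to compute the hash."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).rstrip(b"=").decode("ascii")


def build_dictionary(zone: str, guessed_labels, salt: bytes, iterations: int) -> dict:
    """Attacker's precomputation: hash -> owner name for a wordlist under one
    zone.  The table is bound to (zone, salt, iterations); change any of the
    three and it has to be rebuilt from scratch."""
    return {nsec3_hash(f"{label}.{zone}", salt, iterations): f"{label}.{zone}"
            for label in guessed_labels}


def recover_names(observed_hashes, dictionary: dict) -> list:
    """Names an attacker learns from NSEC3 owner/next-owner hashes seen while
    walking the chain, using a precomputed table."""
    return sorted(dictionary[h] for h in observed_hashes if h in dictionary)


def demo():
    """Constructed scenario: the zone is re-signed with a fresh salt and the
    attacker's old table is tried against both chains."""
    zone = "example."
    real_labels = ["www", "mail", "ns1", "secret-dev"]          # constructed zone
    wordlist = ["www", "mail", "ns1", "ftp", "vpn", "admin"]     # constructed guesses
    salt_a = bytes.fromhex("aabbccdd")                           # RFC 5155 Appendix A salt
    salt_b = bytes.fromhex("0102030405060708")                   # constructed rotated salt
    iterations = 0

    exposed_a = {nsec3_hash(f"{l}.{zone}", salt_a, iterations) for l in real_labels}
    table_a = build_dictionary(zone, wordlist, salt_a, iterations)
    hits_fixed_salt = recover_names(exposed_a, table_a)          # three names recovered

    # Same names, same iteration count, new salt: the old table matches nothing.
    exposed_b = {nsec3_hash(f"{l}.{zone}", salt_b, iterations) for l in real_labels}
    hits_after_rotation = recover_names(exposed_b, table_a)     # nothing recovered

    # The FQDN is the implicit per-zone salt: identical label, salt and
    # iterations still hash differently under another zone.
    per_zone = (nsec3_hash("www.example.", salt_a, iterations)
                != nsec3_hash("www.example.net.", salt_a, iterations))
    return hits_fixed_salt, hits_after_rotation, per_zone


if __name__ == "__main__":
    print(nsec3_hash("example.", bytes.fromhex("aabbccdd"), 12))
    print(demo())
```

Rotating the salt forces a rebuild of the table but not of the signer's records beyond one re-signing of the NSEC3 chain, which is the asymmetry Vladimír is pointing at; raising the iteration count, by contrast, multiplies `nsec3_hash` work for the attacker and for every resolver that validates a denial by the same factor. The subject line's `1 0 0 -` (SHA-1, no opt-out, zero iterations, empty salt) is what RFC 9276 later recommended.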