[dns-operations] Evaluation of NSEC3-encloser attack

Matthew Richardson matthew-l at itconsult.co.uk
Wed Mar 27 19:17:01 UTC 2024


Viktor Dukhovni wrote:-

>I do hope that, as a community, we'll continue to steadily streamline
>acceptable NSEC3 parameters (per RFC9276) down to 0 additional
>iterations and short enough salt values (that don't result in additional
>SHA-1 input blocks).

What would be the largest salt length to ensure that such additional input
blocks are not required?

--
Best wishes,
Matthew
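
The block arithmetic behind this question, as an added example (not part of the original message or of any DNS software): SHA-1 consumes 64-byte blocks and always appends at least 9 bytes of padding, and the RFC 5155 hash input is the wire-format owner name followed by the salt, so the limit depends on the length of the name being hashed. The function names and sample owner names are assumptions made for illustration.

```python
import hashlib

SHA1_BLOCK = 64      # bytes consumed per SHA-1 compression call
SHA1_MIN_PAD = 9     # mandatory padding: 0x80 marker + 64-bit length field


def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of an owner name."""
    out = b""
    for label in (l for l in name.rstrip(".").split(".") if l):
        raw = label.lower().encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def sha1_blocks(msg_len: int) -> int:
    """Compression-function calls SHA-1 makes for a msg_len-byte input."""
    return -(-(msg_len + SHA1_MIN_PAD) // SHA1_BLOCK)


def nsec3_hash(name: str, salt: bytes, iterations: int = 0) -> bytes:
    """RFC 5155 hash: H(name || salt), then H(digest || salt) per iteration."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def nsec3_blocks(name: str, salt_len: int, iterations: int = 0) -> int:
    """Total SHA-1 blocks processed to hash one name."""
    first = sha1_blocks(len(wire_name(name)) + salt_len)
    return first + iterations * sha1_blocks(20 + salt_len)


def max_salt_no_extra_block(name: str) -> int:
    """Longest salt that adds no block beyond hashing the name unsalted."""
    n = len(wire_name(name))
    return min(255, sha1_blocks(n) * SHA1_BLOCK - SHA1_MIN_PAD - n)


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for qname in ("example.com", "a-rather-long-label.with.several.more.labels.example.org"):
        limit = max_salt_no_extra_block(qname)
        print(qname, len(wire_name(qname)), limit,
              nsec3_blocks(qname, limit), nsec3_blocks(qname, limit + 1))
```

With additional iterations the later inputs are the 20-byte digest plus the salt, so those rounds stay within one block only for salts of up to 35 bytes.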