[dns-operations] Evaluation of NSEC3-encloser attack
Matthew Richardson
matthew-l at itconsult.co.uk
Wed Mar 27 19:17:01 UTC 2024
Viktor Dukhovni wrote:-
>I do hope that, as a community, we'll continue to steadily streamline
>acceptable NSEC3 parameters (per RFC9276) down to 0 additional
>iterations and short enough salt values (that don't result in additional
>SHA-1 input blocks).
What would be the largest salt length to ensure that such additional input
blocks are not required?
--
Best wishes,
Matthew
More information about the dns-operations
mailing list