[dns-operations] Evaluation of NSEC3-encloser attack

[Matthew Richardson]

Viktor Dukhovni wrote:-

>I do hope that, as a community, we'll continue to steadily streamline
>acceptable NSEC3 parameters (per RFC9276) down to 0 additional
>iterations and short enough salt values (that don't result in additional
>SHA-1 input blocks).

What would be the largest salt length to ensure that such additional input
blocks are not required?

--
Best wishes,
Matthew