[dns-operations] Evaluation of NSEC3-encloser attack

Ondřej Surý ondrej at sury.org
Wed Mar 27 19:37:49 UTC 2024

Both salt and iterations have absolutely no value for NSEC3 security (see the RFC you just quoted), so just always use empty salt and zero iterations. There’s no added value in fiddling with salt to fit into the SHA1 block.

Ondřej Surý (He/Him)

> On 27. 3. 2024, at 20:17, Matthew Richardson <matthew-l at itconsult.co.uk> wrote:
> Viktor Dukhovni wrote:-
>> I do hope that, as a community, we'll continue to steadily streamline
>> acceptable NSEC3 parameters (per RFC9276) down to 0 additional
>> iterations and short enough salt values (that don't result in additional
>> SHA-1 input blocks).
> What would be the largest salt length to ensure that such additional input
> blocks are not required?
> --
> Best wishes,
> Matthew

More information about the dns-operations mailing list