Guidance for NSEC3 parameter settings
draft-hardaker-dnsop-nsec3-guidance-03
| Document | Type | Replaced Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Wes Hardaker , Viktor Dukhovni | ||
| Last updated | 2021-05-06 | ||
| Replaced by | RFC 9276 | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-dnsop-nsec3-guidance | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
NSEC3 is a DNSSEC mechanism providing proof of non-existence by promising there are no names that exist between two domainnames within a zone. Unlike its counterpart NSEC, NSEC3 avoids directly disclosing the bounding domainname pairs. This document provides guidance on setting NSEC3 parameters based on recent operational deployment experience.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)