Skip to main content

Guidance for NSEC3 parameter settings
draft-hardaker-dnsop-nsec3-guidance-03

Document Type Replaced Internet-Draft (individual)
Authors Wes Hardaker , Viktor Dukhovni
Last updated 2021-05-06
Replaced by RFC 9276
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-dnsop-nsec3-guidance
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

NSEC3 is a DNSSEC mechanism providing proof of non-existence by promising there are no names that exist between two domainnames within a zone. Unlike its counterpart NSEC, NSEC3 avoids directly disclosing the bounding domainname pairs. This document provides guidance on setting NSEC3 parameters based on recent operational deployment experience.

Authors

Wes Hardaker
Viktor Dukhovni

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)