[DNSOP] Last Call: <draft-ietf-dnsop-nsec3-guidance-08.txt> (Guidance for NSEC3 parameter settings) to Best Current Practice
The IESG <iesg-secretary@ietf.org> Mon, 18 April 2022 18:31 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1])
by ietfa.amsl.com (Postfix) with ESMTP id 9DADA3A19C3;
Mon, 18 Apr 2022 11:31:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 7.46.0
Auto-Submitted: auto-generated
Precedence: bulk
CC: dnsop-chairs@ietf.org, dnsop@ietf.org,
draft-ietf-dnsop-nsec3-guidance@ietf.org, tjw.ietf@gmail.com,
warren@kumari.net
Reply-To: last-call@ietf.org
Sender: <iesg-secretary@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <165030666953.2730.1997428037621829525@ietfa.amsl.com>
Date: Mon, 18 Apr 2022 11:31:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/A8h2S2M1tnue24tsUpxdROsRCDg>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-nsec3-guidance-08.txt>
(Guidance for NSEC3 parameter settings) to Best Current Practice
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>,
<mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
<mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Apr 2022 18:31:11 -0000
The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'Guidance for NSEC3 parameter settings' <draft-ietf-dnsop-nsec3-guidance-08.txt> as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2022-05-02. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract NSEC3 is a DNSSEC mechanism providing proof of non-existence by asserting that there are no names that exist between two domain names within a zone. Unlike its counterpart NSEC, NSEC3 avoids directly disclosing the bounding domain name pairs. This document provides guidance on setting NSEC3 parameters based on recent operational deployment experience. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec3-guidance/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc5155: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence (Proposed Standard - Internet Engineering Task Force (IETF)) rfc4035: Protocol Modifications for the DNS Security Extensions (Proposed Standard - Internet Engineering Task Force (IETF)) rfc4470: Minimally Covering NSEC Records and DNSSEC On-line Signing (Proposed Standard - Internet Engineering Task Force (IETF))