[DNSOP] for dnsop consideration: draft-hardaker-dnsop-nsec3-guidance-02.txt

Wes Hardaker <wjhns1@hardakers.net> Fri, 19 February 2021 18:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YcAOrwwWRlbb9GGYB_e2qses99A>

Greetings all,

Viktor and I have been working on a BCP to provide guidance on selecting
reasonable NSEC3 parameters.  We'd love your feedback and for dnsop to
consider adopting it.

A new version of I-D, draft-hardaker-dnsop-nsec3-guidance-02.txt
has been successfully submitted by Wes Hardaker and posted to the
IETF repository.

Name:           draft-hardaker-dnsop-nsec3-guidance
Revision:       02
Title:          Guidance for NSEC3 parameter settings
Document date:  2021-02-19
Group:          Individual Submission
Pages:          7
URL:            https://www.ietf.org/archive/id/draft-hardaker-dnsop-nsec3-guidance-02.txt
Status:         https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nsec3-guidance/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-hardaker-dnsop-nsec3-guidance
Htmlized:       https://tools.ietf.org/html/draft-hardaker-dnsop-nsec3-guidance-02
Diff:           https://www.ietf.org/rfcdiff?url2=draft-hardaker-dnsop-nsec3-guidance-02

   NSEC3 is a DNSSEC mechanism providing proof of non-existence by
   promising there are no names that exist between two domainnames
   within a zone.  Unlike its counterpart NSEC, NSEC3 avoids directly
   disclosing the bounding domainname pairs.  This document provides
   guidance on setting NSEC3 parameters based on recent operational
   deployment experience.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

Wes Hardaker