Re: [DNSOP] nsec3-parameters opinions gathered
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 08 November 2021 17:29 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9830F3A127B for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 09:29:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Y5B-qj3h9BD for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 09:29:05 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C1843A127D for <dnsop@ietf.org>; Mon, 8 Nov 2021 09:29:04 -0800 (PST)
Received: from smtpclient.apple (unknown [63.88.3.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 6E726BDA67 for <dnsop@ietf.org>; Mon, 8 Nov 2021 12:29:03 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <ec14099d-adfe-09ae-a06c-80cc2a1cf793@isc.org>
Date: Mon, 08 Nov 2021 12:29:01 -0500
Content-Transfer-Encoding: quoted-printable
Reply-To: dnsop@ietf.org
Message-Id: <7AB6BFF3-4AD8-4D08-8C0D-F4A5904AC277@dukhovni.org>
References: <ybl7ddnr16f.fsf@w7.hardakers.net> <206e17b4-a920-8e3e-586d-ecc29855fae3@nic.cz> <45a10ca4-93e1-3c9c-7434-83c387d5246e@NLnetLabs.nl> <4254eece-a024-dbe4-3a64-a7ff957ce945@pletterpet.nl> <ec14099d-adfe-09ae-a06c-80cc2a1cf793@isc.org>
To: dnsop@ietf.org
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mtmjPF2zEDnEcKobfSZW-3Q3TBY>
Subject: Re: [DNSOP] nsec3-parameters opinions gathered
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 17:29:11 -0000
> On 8 Nov 2021, at 6:07 am, Petr Špaček <pspacek@isc.org> wrote: > > TL;DR > I say we should go for 0 and acknowledge in the text we are not there yet. This means reaching out to the TLD operators again... They were quite cooperative ~6 months back, but I wouldn't want to take them for granted and keep asking for multiple further rounds of changes. So whatever target ends up in the final document should be something they'd be willing to adopt as a final "issue closed" update. The iteration count distribution for the TLDs is presently: # TLDs NSEC3 iterations ------ ---------------- 147 0 458 1 1 2 14 3 112 5 4 8 545 10 29 12 1 13 1 15 1 17 6 20 2 25 The outliers above 10 are: ccTLDs: bn de dk pl sg ua xn--clchc0ea0b2g2a9gcd xn--yfro4i67o gTLDs: alstom barcelona bauhaus bcn cat erni eurovision eus firmdale gal gdn gmx ifm lacaixa madrid man mango nrw quebec radio ruhr sap scot seat sport swiss whoswho xn--55qw42g xn--80asehdb xn--80aswg xn--mgbab2bd xn--zfr164b The largest by count of signed delegations are .PL (12 iterations), .DK (17) and .DE (15). The bulge at 10 iterations has the following top 21 SOA rnames: 186 hostmaster@donuts.email. 176 noc@afilias-nst.info. 87 hostmaster@nominet.org.uk. 11 hostmaster@coccaregistry.org. 6 hostmaster@registro.br. 5 gtldsupport@aeda.ae. 4 sysmgr@cnnic.cn. 4 support@ryce-rsp.com. 4 support@registry.net.za. 4 snw@twnic.net.tw. 3 root@cnnic.cn. 3 registry@thains.co.th. 3 hostmaster@lemarit.com. 2 registry@nic.mr. 2 info@yesnic.com. 2 hostmaster@hkirc.net.hk. 2 hmaster-info@ics.forth.gr. 2 domain-manager@nic.or.kr. 2 dnsmaster@channelisles.net. 2 dns@amnic.net. 2 dns-team@flexireg.net. The rest are 33 "singleton" rnames present in just 1 TLD each: ad ar bg cr gl gw gy hn hr it kw lat lv ly ma mc md mil mx nc nf pe pt ro sb tt ug uy uz ws xn--mgbai9azgqp6j xn--wgbh1c za -- Viktor.
- [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Miek Gieben
- Re: [DNSOP] nsec3-parameters opinions gathered Vladimír Čunát
- Re: [DNSOP] nsec3-parameters opinions gathered Benno Overeinder
- Re: [DNSOP] nsec3-parameters opinions gathered Olafur Gudmundsson
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Miek Gieben
- Re: [DNSOP] nsec3-parameters opinions gathered Matthijs Mekking
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] [Ext] nsec3-parameters opinions gathe… Paul Hoffman
- Re: [DNSOP] nsec3-parameters opinions gathered A. Schulze
- Re: [DNSOP] [Ext] nsec3-parameters opinions gathe… Paul Vixie
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Paul Wouters
- Re: [DNSOP] nsec3-parameters opinions gathered Mark Andrews
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Michael Bauland
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni