Re: [DNSOP] nsec3-parameters opinions gathered

"A. Schulze" <sca@andreasschulze.de> Mon, 08 November 2021 17:56 UTC

Return-Path: <sca@andreasschulze.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2F203A08DA for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 09:56:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andreasschulze.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e4C8C2PDfdyA for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 09:56:18 -0800 (PST)
Received: from mta.somaf.de (mta.somaf.de [IPv6:2001:470:77b3:103::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE0CF3A088F for <dnsop@ietf.org>; Mon, 8 Nov 2021 09:56:17 -0800 (PST)
Message-ID: <f3622705-423c-84b7-be54-d0491e7f5062@andreasschulze.de>
ARC-Seal: i=1; a=rsa-sha256; d=mta.somaf.de; s=arcseal202101; t=1636394141; cv=none; b=ihx1Lit/zp9wGRhc8em9erUsuKOO9Julzh7GkapqbSx4twmL19wGlQRBw4cDZpCymRoLlHoIXsazVq3I6Ti+X2zwHRAt2KAp9xb8Vw1kf35e06DV5p8WFaWs8J1R8GAX8c25kW4tMEPfkhttC12o2kiHW5hUEKbJLljBvxI3twdP4kt/SQ3FRvgs0EBibaor2bjzPteatmm4sgK6TlAe2du87KFLuWuNnlk47JLB7KNgQ68yf9i75jGfk0Z6/Qvf1stp13yL07ZCApkfzB2aZc161k6wLN8NKYAHz217FpIUL3+Ofef6R2sPgBRqyIWTwzppnx7FoINwe+JGA28yow==
ARC-Message-Signature: i=1; a=rsa-sha256; d=mta.somaf.de; s=arcseal202101; t=1636394141; c=relaxed/relaxed; bh=yFR/Aqe0mo9lDfKEoScNRxImN1rmi5/PZ6CPetosiFA=; h=Message-ID:DKIM-Signature:Date:MIME-Version:Subject: Content-Language:To:References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding; b=SI/2yWvhMYvY2epi3GSZDuS+lNDwFBogNja9Hqu11kK1jVSbMz8GcGF0fjcQCHeTc9o89xPObRbr50HBVVVlTkqYUhsIsv8a/0VHCHOctXhZKYNRJNVe4Gigi/ZCcxnR2VGmkapz0Ys0SKaiWPpxPgf2jW9kvgVJFoM2pK35mLhuJ1PzvWmXs6vlaVLvib34lNiHDTtDkCo6AmhWHsqXXqjPY5H6neFrvv3r7K+BJOKUsUPK12q15dJHzL6H2ag3QqCk6vmmweu6hNuemb5V4EVTX6y4U2gEdv3ILox876OlTV/8/J2FQs80tppcLX2oaDYEZo1PGH9+TWmYL/cZFw==
ARC-Authentication-Results: i=1; mta.somaf.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=20211029-24DF1279; t=1636394141; x=1641394141; bh=yFR/Aqe0mo9lDfKEoScNRxImN1rmi5/PZ6CPetosiFA=; h=Message-ID:Date:MIME-Version:Subject:To:References:From: In-Reply-To:Content-Type:Content-Transfer-Encoding:autocrypt:cc: content-transfer-encoding:content-type:date:from:in-reply-to: message-id:mime-version:openpgp:references:subject:to; b=PVAK0dvS4xPZae+xadiX3BVGHpaBIaxQv4SqFAEgFPqPtpgKs1xAqEYc2eVss3DYT RPHmNoFLSSsiAleieIMpp/vBvj6UgpkOU6WvQ5rCvyCDHX7Q6Hx0PQVlMk71dOdKBv RRVWDv1eDcjnWw/rJ1+hv1gScjUGWPUJq9anJUIdy7geVlikP9zUQ3w0xv95Qzr4e5 PdOLRbXbQnr7uHZa1CHRaT2P5CDPy67dnWwEVJC8oHqWLMft+q8TCr/aitI5GNJ2eG 3axQSxBpMi+K8KHmbQ8Ueme+NzSBgELgNBNS+uE1DKx8FJ4ylsK8CPzCSO7PcMc27n i9azfTn7o9NVA==
Date: Mon, 08 Nov 2021 18:55:25 +0100
MIME-Version: 1.0
Content-Language: en-US
To: dnsop@ietf.org
References: <ybl7ddnr16f.fsf@w7.hardakers.net> <206e17b4-a920-8e3e-586d-ecc29855fae3@nic.cz> <45a10ca4-93e1-3c9c-7434-83c387d5246e@NLnetLabs.nl> <E354E8D8-5584-4607-A98D-76869F5CC68B@ogud.com>
From: "A. Schulze" <sca@andreasschulze.de>
In-Reply-To: <E354E8D8-5584-4607-A98D-76869F5CC68B@ogud.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nBSrw9KmVz-fTX5xmC03d_-BHoQ>
Subject: Re: [DNSOP] nsec3-parameters opinions gathered
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 17:56:24 -0000


Am 05.11.21 um 20:19 schrieb Olafur Gudmundsson:

> The document should strongly discourage any use of NSEC3 <full stop> 

Hello,

sorry for maybe asking an already answered question,
but why is NSEC3 considered to have no benefit at all?

I'm still on "NSEC allow zone-walks while NSEC3 don't"
At least not without additional effort.

Andreas