IETF Logo Mail Archive

BCP 236, RFC 9276 on Guidance for NSEC3 Parameter Settings

rfc-editor@rfc-editor.org Thu, 11 August 2022 13:54 UTC

Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56DA8C15DD4D; Thu, 11 Aug 2022 06:54:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.658
X-Spam-Level:
X-Spam-Status: No, score=-1.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0xp4uJN5loJN; Thu, 11 Aug 2022 06:54:11 -0700 (PDT)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A134FC15DD60; Thu, 11 Aug 2022 06:54:11 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 02B884C92B; Thu, 11 Aug 2022 06:54:10 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: BCP 236, RFC 9276 on Guidance for NSEC3 Parameter Settings
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, dnsop@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20220811135411.02B884C92B@rfcpa.amsl.com>
Date: Thu, 11 Aug 2022 06:54:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/5-SZYHGPs_VBm0_K-Oszu7RBgKQ>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2022 13:54:15 -0000

A new Request for Comments is now available in online RFC libraries.

        BCP 236        
        RFC 9276

        Title:      Guidance for NSEC3 Parameter Settings 
        Author:     W. Hardaker,
                    V. Dukhovni
        Status:     Best Current Practice
        Stream:     IETF
        Date:       August 2022
        Mailbox:    ietf@hardakers.net,
                    ietf-dane@dukhovni.org
        Pages:      10
        Updates:    RFC 5155
        See Also:   BCP 236

        I-D Tag:    draft-ietf-dnsop-nsec3-guidance-10.txt

        URL:        https://www.rfc-editor.org/info/rfc9276

        DOI:        10.17487/RFC9276

NSEC3 is a DNSSEC mechanism providing proof of nonexistence by
asserting that there are no names that exist between two domain names
within a zone.  Unlike its counterpart NSEC, NSEC3 avoids directly
disclosing the bounding domain name pairs.  This document provides
guidance on setting NSEC3 parameters based on recent operational
deployment experience.  This document updates RFC 5155 with guidance
about selecting NSEC3 iteration and salt parameters.

This document is a product of the Domain Name System Operations Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

v2.23.0 | Report a Bug | By Email