> On 27 Mar 2024, at 19:37, Ondřej Surý <ond...@sury.org> wrote: > > Both salt and iterations have absolutely no value for NSEC3 security (see the > RFC you just quoted), so just always use empty salt and zero iterations. > There’s no added value in fiddling with salt to fit into the SHA1 block.
IMO, there’s no added value in using NSEC3. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
