JFTR .cz was asked by "The Office for Personal Data Protection" to implement 
measures to protect the personal data for domain holders.  NSEC3 was part of 
the solution.

O.

--
 Ondřej Surý -- Chief Science Officer
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.s...@nic.cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "Edward Lewis" <edward.le...@icann.org>
> To: dnsop@ietf.org
> Sent: Thursday, March 12, 2015 1:14:46 PM
> Subject: [DNSOP] Using NSEC3 for opt-out,     was Re:  Comments regarding the 
> NSEC5

> On 3/12/15, 6:31, "Florian Weimer" <fwei...@redhat.com> wrote:
> 
>>And does anyone actually use opt out with NSEC3?
> 
> Currently twenty-one TLDs use NSEC3 with 0 iterations and no salt.
> Nineteen more use no salt with more than 1 iteration.
> 
> That's just a count of what's in the root zone delegations.  I haven't
> asked if they all use NSEC3 for opt-out, but given those parameters and
> based on at least one private conversation with one of the operators, I'm
> sure these are 40 cases of zones using NSEC3 for it's opt-out capability.
> (Subsets of the 40 zones are operated by the same entity, so it's not
> necessarily 40 operators.)
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to