JFTR .cz was asked by "The Office for Personal Data Protection" to implement measures to protect the personal data for domain holders. NSEC3 was part of the solution.
O. -- Ondřej Surý -- Chief Science Officer -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.s...@nic.cz https://nic.cz/ -------------------------------------------- ----- Original Message ----- > From: "Edward Lewis" <edward.le...@icann.org> > To: dnsop@ietf.org > Sent: Thursday, March 12, 2015 1:14:46 PM > Subject: [DNSOP] Using NSEC3 for opt-out, was Re: Comments regarding the > NSEC5 > On 3/12/15, 6:31, "Florian Weimer" <fwei...@redhat.com> wrote: > >>And does anyone actually use opt out with NSEC3? > > Currently twenty-one TLDs use NSEC3 with 0 iterations and no salt. > Nineteen more use no salt with more than 1 iteration. > > That's just a count of what's in the root zone delegations. I haven't > asked if they all use NSEC3 for opt-out, but given those parameters and > based on at least one private conversation with one of the operators, I'm > sure these are 40 cases of zones using NSEC3 for it's opt-out capability. > (Subsets of the 40 zones are operated by the same entity, so it's not > necessarily 40 operators.) > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop