On Mon, 10 May 2021, Olafur Gudmundsson wrote:
I guess I support the document but would like it to say
“Please do not use NSEC3 but if you have to use NSEC3 use it use these settings”
The document should point how trivial it is to expose most names in NSEC3
signed zone using Graphics cards and dictionaries.
But it should also then say something about opt-out, which might be
harder to agree on (imho: "really, we have the RAM/CPU/SSD/DISK now, you
should not use opt-out")
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
