Hi Viktor, hi all,
thanks for making us aware of the NSEC3 iteration count topic.
On 08.11.2021 18:29, Viktor Dukhovni wrote:
On 8 Nov 2021, at 6:07 am, Petr Špaček <pspa...@isc.org> wrote:
TL;DR
I say we should go for 0 and acknowledge in the text we are not there yet.
This means reaching out to the TLD operators again... They were quite
cooperative ~6 months back, but I wouldn't want to take them for granted
and keep asking for multiple further rounds of changes. So whatever target
ends up in the final document should be something they'd be willing to adopt
as a final "issue closed" update.
The iteration count distribution for the TLDs is presently:
# TLDs NSEC3 iterations
------ ----------------
147 0
458 1
1 2
14 3
112 5
4 8
545 10
29 12
1 13
1 15
1 17
6 20
2 25
The outliers above 10 are:
ccTLDs: bn de dk pl sg ua xn--clchc0ea0b2g2a9gcd xn--yfro4i67o
gTLDs: alstom barcelona bauhaus bcn cat erni eurovision eus firmdale gal
gdn
gmx ifm lacaixa madrid man mango nrw quebec radio ruhr sap scot seat
sport swiss whoswho xn--55qw42g xn--80asehdb xn--80aswg xn--mgbab2bd
xn--zfr164b
We see your argument and have now adjusted our configurations
accordingly. All TLDs run by CORE Association and Knipp (i.e., almost
all from the gTLDs list above) have now reduced their NSEC3 iteration
count to 0.
Best regards,
Michael
--
____________________________________________________________________
| |
| knipp | Knipp Medien und Kommunikation GmbH
------- Technologiepark
Martin-Schmeisser-Weg 9
44227 Dortmund
Germany
Dipl.-Informatiker Fon: +49 231 9703-0
Fax: +49 231 9703-200
Dr. Michael Bauland SIP: michael.baul...@knipp.de
Software Development E-mail: michael.baul...@knipp.de
Register Court:
Amtsgericht Dortmund, HRB 13728
Chief Executive Officers:
Dietmar Knipp, Elmar Knipp
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
