Hi Viktor, hi all,

thanks for making us aware of the NSEC3 iteration count topic.


On 08.11.2021 18:29, Viktor Dukhovni wrote:
On 8 Nov 2021, at 6:07 am, Petr Špaček <pspa...@isc.org> wrote:

TL;DR
I say we should go for 0 and acknowledge in the text we are not there yet.

This means reaching out to the TLD operators again...  They were quite
cooperative ~6 months back, but I wouldn't want to take them for granted
and keep asking for multiple further rounds of changes.  So whatever target
ends up in the final document should be something they'd be willing to adopt
as a final "issue closed" update.

The iteration count distribution for the TLDs is presently:

  # TLDs NSEC3 iterations
  ------ ----------------
     147 0
     458 1
       1 2
      14 3
     112 5
       4 8
     545 10
      29 12
       1 13
       1 15
       1 17
       6 20
       2 25

The outliers above 10 are:

     ccTLDs: bn de dk pl sg ua xn--clchc0ea0b2g2a9gcd xn--yfro4i67o

     gTLDs: alstom barcelona bauhaus bcn cat erni eurovision eus firmdale gal 
gdn
            gmx ifm lacaixa madrid man mango nrw quebec radio ruhr sap scot seat
            sport swiss whoswho xn--55qw42g xn--80asehdb xn--80aswg xn--mgbab2bd
            xn--zfr164b

We see your argument and have now adjusted our configurations accordingly. All TLDs run by CORE Association and Knipp (i.e., almost all from the gTLDs list above) have now reduced their NSEC3 iteration count to 0.

Best regards,

Michael

--
____________________________________________________________________
     |       |
     | knipp |            Knipp  Medien und Kommunikation GmbH
      -------                    Technologiepark
                                 Martin-Schmeisser-Weg 9
                                 44227 Dortmund
                                 Germany

     Dipl.-Informatiker          Fon:    +49 231 9703-0
                                 Fax:    +49 231 9703-200
     Dr. Michael Bauland         SIP:    michael.baul...@knipp.de
     Software Development        E-mail: michael.baul...@knipp.de

                                 Register Court:
                                 Amtsgericht Dortmund, HRB 13728

                                 Chief Executive Officers:
                                 Dietmar Knipp, Elmar Knipp

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to