Am 01.03.2017 um 03:12 schrieb Viktor Dukhovni: >> How often should the NSEC3 params (salt in particular) be changed. > > For now, never. Choose a suitable random value around 8 octets long, > and keep it fixed.
Hello Viktor, Your suggestion differ from RFC 5155. https://tools.ietf.org/html/rfc5155#appendix-C.1: "It is RECOMMENDED that the salt be changed for every re-signing" Could you explain your choice more verbose? Thanks Andreas -- A. Schulze DATEV eG
