On 3/12/15, 6:31, "Florian Weimer" <fwei...@redhat.com> wrote:
>And does anyone actually use opt out with NSEC3? Currently twenty-one TLDs use NSEC3 with 0 iterations and no salt. Nineteen more use no salt with more than 1 iteration. That's just a count of what's in the root zone delegations. I haven't asked if they all use NSEC3 for opt-out, but given those parameters and based on at least one private conversation with one of the operators, I'm sure these are 40 cases of zones using NSEC3 for it's opt-out capability. (Subsets of the 40 zones are operated by the same entity, so it's not necessarily 40 operators.)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop