On 02. 08. 22 22:29, Edward Lewis wrote:
On 8/2/22, 11:02 AM, "DNSOP on behalf of Paul Hoffman" <dnsop-boun...@ietf.org on
behalf of paul.hoff...@icann.org> wrote:
I would rather mention NSEC/NSEC3 so the reader gets an idea for the mechanism
in RFC 8198. I left off NSEC3 because I thought that basically all use of NSEC3
was with opt-out, but if I'm wrong, I could put it in the text.
Just as a data point, there are two gTLDs over 1 million delegations that use
NSEC3 / no-opt out.
I have no data on ccTLDs, nor lower in the namespace.
In ccTLD space e.g. CZ has 1.4 million delegations and uses NSEC3
without opt-out:
https://stats.nic.cz/dashboard/en/DNSSEC.html
--
Petr Špaček
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop