NSEC3 Params

John Allen john at klam.ca
Wed Mar 1 02:36:59 CET 2017

How often should the NSEC3 params (salt in particular) be changed.

I was sent an article on "rainbow"? attacks, and there was mention of 
changing/updating the NSEC3 salt might be beneficial. One problem I had 
with the piece was that I could not find a date for, so it might be 
obsolete, secondly I cold not find the author though the piece was 
reported to be from Digital Ocean.


PS. Sorry to post this here I thought there was a DNSSEC mailing list, 
but everything gets rejected!

More information about the dane-users mailing list