NSEC3 Params
Andreas Schulze
andreas.schulze at datev.de
Mon Mar 6 10:39:03 CET 2017
Am 01.03.2017 um 03:12 schrieb Viktor Dukhovni:
>> How often should the NSEC3 params (salt in particular) be changed.
>
> For now, never. Choose a suitable random value around 8 octets long,
> and keep it fixed.
Hello Viktor,
Your suggestion differ from RFC 5155.
https://tools.ietf.org/html/rfc5155#appendix-C.1: "It is RECOMMENDED that the salt be changed for every re-signing"
Could you explain your choice more verbose?
Thanks
Andreas
--
A. Schulze
DATEV eG
More information about the dane-users
mailing list