Movatterモバイル変換

[0]ホーム
URL:

Search RFCs

Advanced Search

RFC Editor

BCP 236

RFC 9276

Guidance for NSEC3 Parameter Settings,August 2022

File formats:

icon for HTMLicon for text fileicon for v3pdficon for XMLicon for inline errata
Also available:XML file for editing
 
Status:
BEST CURRENT PRACTICE
Updates:
RFC 5155
Authors:
W. Hardaker
V. Dukhovni
Stream:
IETF
Source:
dnsop (ops)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC9276

Discuss this RFC: Send questions or comments to the mailing listdnsop@ietf.org

Other actions:View Errata  | Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 9276

Abstract

NSEC3 is a DNSSEC mechanism providing proof of nonexistence byasserting that there are no names that exist between two domain nameswithin a zone. Unlike its counterpart NSEC, NSEC3 avoids directlydisclosing the bounding domain name pairs. This document providesguidance on setting NSEC3 parameters based on recent operationaldeployment experience. This document updates RFC 5155 with guidanceabout selecting NSEC3 iteration and salt parameters.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.



IABIANAIETFIRTFISEISOCIETF Trust
ReportsPrivacy StatementSite MapContact Us

Advanced Search
[8]ページ先頭
©2009-2026 Movatter.jp