6 Mar
2017
6 Mar
'17
4:39 a.m.
Am 01.03.2017 um 03:12 schrieb Viktor Dukhovni:
How often should the NSEC3 params (salt in particular) be changed.
For now, never. Choose a suitable random value around 8 octets long, and keep it fixed.
Hello Viktor,
Your suggestion differ from RFC 5155. https://tools.ietf.org/html/rfc5155#appendix-C.1: "It is RECOMMENDED that the salt be changed for every re-signing"
Could you explain your choice more verbose?
Thanks Andreas
--
A. Schulze
DATEV eG