On 9.6.2016 18:37, Marek Vavruša wrote:
NSEC has been a sane default for a while and people who want NSEC3 have
already enabled it.
Changing it would break the rule of least surprise in current
deployments, when zones signed using an old policy would be NSEC and
zones signed with a new policy NSEC3.
That's something not trivially fixable once the zones are published.

OK. Thanks. Just to make it clear: this won't change anything in the
signing behavior if the policy is already configured. This is purely for
newly initialized policies.
Jan