[dnssec-deployment] NSEC3 progress

Ben Laurie ben at algroup.co.uk
Mon May 30 10:10:31 EDT 2005

Olaf M. Kolkman wrote:
> On Wed, 25 May 2005 10:54:46 -0700
> Allison Mankin <mankin at psg.com> wrote:
>>Hi, Olaf,
>>>and organise a workshop to understand possible issues. In the past  
>>>those workshops have shown to be more than worthwhile in getting good  
>>>specs. Question: anybody doing an implementation, server/client side?
>>>As far as I understand the "epsilon" work seems to be heading to non- 
>>>deployment. I have not heard of anybody seriously planning on its  
>>It surely is hard to deploy what's not implemented :)  So I guess
>>you are also saying you have not heard of any implementation? 
> I have made a "proof of concept" in perl. But that implementation is
> really not more than a crude hack and would not scale to any serious
> production. Registries seriously considering deployment should write
> their own code and I am not sure of any of that work has been done. 

I have a BIND implementation of NSEC2. Since we mostly know what NSEC3
looks like, I can upgrade that implementation, which I will be doing in
the near future.



More information about the Dnssec-deployment mailing list