[Dnssec-deployment] Why not NSEC3?

Paul Vixie vixie at isc.org
Sat Jul 10 11:53:07 EDT 2010

> From: Olaf Kolkman <olaf at NLnetLabs.nl>
> Date: Sat, 10 Jul 2010 15:02:03 +0200
> > kaminsky reminded me recently that white lies are way easier with NSEC3
> > than with NSEC.  H(x)-1 and H(x)+1 are easier to calc than x-1 and x+1
> > where 'x' is the qname.  so, there may be apps for NSEC3 other than
> > where the overall complexity is warranted or feature level is needed.
> Is that because a hash is an available library function and once hashed
> swapping a bit is easy?

no, it's because the NSEC3 boundary markers are numbers, whereas the NSEC
boundary markers are names.  we (over on dnsext) spent some time trying to
figure out how to compute x-1 and x+1 where x was "ABC" and part of the
discussion centered around collisions where both x and x-1 (or x and x+1)
existed.  if x-1 or x+1 is a collision in NSEC3 space then we'd all better
go out and buy lottery tickets because the laws of chance have just been

More information about the Dnssec-deployment mailing list