> You are right in another way though: NSEC3 doesn't (well IMHO shouldn't)
> require ANY of those properties of its hash function, UNLESS you
> care about enumeration. NSEC3 should be able to cope with ANY function
> (whatsoever) as the hash function, though the worse hash function it
> is (and the smaller its range is compared to its domain), the more
> important a functional fall-back to the identity hash becomes.

Not quite ANY function. The size of the hash space must be
bigger than the number of records in the NSEC3 chain.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.