> You are right in another way though: NSEC3 doesn't (well IMHO shouldn't)
> require ANY of those properties of its hash function, UNLESS you
> care about enumeration. NSEC3 should be able to cope with ANY function
> (whatsoever) as the hash function, though the worse hash function it
> is (and the smaller its range is compared to its domain), the more
> important a functional fall-back to the identity hash becomes.


Not quite ANY function. The size of the hash space must be
bigger than the number of records in the NSEC3 chain.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: