5. Calculation of the Hash
The hash calculation uses three of the NSEC3 RDATA fields: Hash Algorithm, Salt, and Iterations.
Define H(x) to be the hash of x using the Hash Algorithm selected by the NSEC3 RR, k to be the number of Iterations, and || to indicate concatenation. Then define:
IH(salt, x, 0) = H(x || salt), and
IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0
Then the calculated hash of an owner name is
IH(salt, owner name, iterations),
where the owner name is in the canonical form, defined as:
The wire format of the owner name where:
- The owner name is fully expanded (no DNS name compression) and fully qualified;
- All uppercase US-ASCII letters are replaced by the corresponding lowercase US-ASCII letters;
- If the owner name is a wildcard name, the owner name is in its original unexpanded form, including the "*" label (no wildcard substitution);
This form is as defined in Section 6.2 of [RFC4034].
The method to calculate the Hash is based on [RFC2898].
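The following Python sketch is an added example, not part of the specification text: it builds the canonical wire form of an owner name and applies IH(salt, x, k) as defined above. It assumes H is SHA-1, that names contain no backslash escapes, and that the result is rendered in Base32hex for display (the rendering is outside this section); the function names and the sample salt are illustrative.

```python
import base64
import hashlib

# Standard Base32 alphabet -> Base32hex ("extended hex") alphabet.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def canonical_wire_name(name: str) -> bytes:
    """Uncompressed, fully qualified, lowercased wire form of an owner name.

    Assumes plain presentation-format labels with no backslash escapes.
    A leading "*" label is kept literally (no wildcard substitution).
    """
    if name.endswith("."):
        name = name[:-1]          # "example." and "example" are the same FQDN
    labels = name.split(".") if name else []   # "" or "." is the root
    wire = bytearray()
    for label in labels:
        raw = label.encode("ascii").lower()    # only A-Z are folded
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        wire.append(len(raw))                  # length octet, then label
        wire += raw
    wire.append(0)                             # terminating root label
    if len(wire) > 255:
        raise ValueError("name exceeds 255 octets in wire format")
    return bytes(wire)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> bytes:
    """IH(salt, name, iterations) with H assumed to be SHA-1."""
    if iterations < 0:
        raise ValueError("iterations must be non-negative")
    digest = hashlib.sha1(canonical_wire_name(name) + salt).digest()  # k = 0
    for _ in range(iterations):                # k = 1 .. iterations
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def to_base32hex(digest: bytes) -> str:
    """Unpadded lowercase Base32hex rendering of a digest (display only)."""
    text = base64.b32encode(digest).translate(_B32_TO_B32HEX)
    return text.decode("ascii").rstrip("=").lower()


if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")           # constructed sample salt
    for owner in ("example.", "EXAMPLE", "*.w.example."):
        print(owner, to_base32hex(nsec3_hash(owner, salt, 12)))
```

Note that an Iterations value of k costs k + 1 hash invocations per name, since the k = 0 case already hashes once.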