This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Support for SHA256 in ds-rdata checker
Alexander Gall
gall at switch.ch
Thu Aug 2 08:57:15 CEST 2012
Hello Anand

On Tue, 31 Jul 2012 09:31:20 -0700, Anand Buddhdev <anandb at ripe.net> said:

> On 31/07/2012 01:14, Alexander Gall wrote:
> Dear Alexander,

>> I'm not sure whether this belongs here or in the dns-wg (or somewhere
>> else?).
>>
>> I just updated the ds-rdata of one of our domain objects and realized
>> that the RDNS checker does not support SHA-256, neither for the DS
>> record nor as part of signature algorithm 8 (RSASHA256)
>>
>> ***RDNS: (related to set) INFO: 6199 8 2
>>     03A50B02CC5FCBCC8071AD93212C923E8C399DE64AE7C042442E2DE2F0029592
>>     ; uses a Digest type that is not implemented by this
>>     checker. We cannot verify if the chain of trust is intact.
>>     You should be conciously using digest types other than SHA1
>>
>> ***RDNS: (related to ns2.switch.ch) INFO: The signature over DNSKEY
>>     is made with algorithm code 8 The checker does not implement
>>     this algorithm and can therefore not validate the chain of
>>     trust It is assumed that using algoritm type 8 is a
>>     conscious choice.
>>
>> SHA256 has been in use for both purposes for a number of years. Are
>> there any plans to support it in the RDNS checker?

> We are aware of this limitation. Other users have also come across it,
> and asked us about it. We are actually in the middle of replacing our
> current delegation checker with the Swedish Registry's DNSCheck, which
> handles all the current algorithms. We're close to completing the
> replacement, so please watch out for an announcement very soon.

Thanks for the info. This is good news :)

Regards,
Alex
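
How a checker can validate a ds-rdata value of the form quoted in the message above against a DNSKEY, for digest type 1 (SHA-1) as well as type 2 (SHA-256). This is an added example, not part of the original thread and not code from the RIPE NCC checker or DNSCheck. It follows the DS digest definition in RFC 4034 (hash over the owner name in wire format followed by the DNSKEY RDATA); the key and owner name are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# Digest types from the DS registry: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def name_to_wire(name):
    """Canonical (lowercase) wire format of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, public key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type):
    """Build 'keytag algorithm digest-type DIGEST' for the given DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return "%d %d %d %s" % (key_tag(rdata), rdata[3], digest_type, digest)


def check_ds(owner, rdata, ds_rdata):
    """Return 'ok', 'mismatch' or 'unsupported' for a ds-rdata string."""
    tag, alg, dtype, digest = ds_rdata.split(None, 3)
    if int(dtype) not in DIGESTS:
        return "unsupported"  # report it, do not treat it as validated
    expected = make_ds(owner, rdata, int(dtype)).split(None, 3)
    got = [tag, alg, dtype, digest.replace(" ", "").upper()]
    return "ok" if got == expected else "mismatch"


# Constructed sample key and owner name (not a real zone's data).
SAMPLE_KEY = dnskey_rdata(257, 3, 8, base64.b64encode(bytes(range(64))).decode())
OWNER = "2.0.192.in-addr.arpa."

if __name__ == "__main__":
    for dtype in (1, 2):
        ds = make_ds(OWNER, SAMPLE_KEY, dtype)
        print(ds, "->", check_ds(OWNER, SAMPLE_KEY, ds))
```
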