[db-wg] Support for SHA256 in ds-rdata checker
Alexander Gall
gall at switch.ch
Tue Jul 31 10:14:56 CEST 2012
I'm not sure whether this belongs here or in the dns-wg (or somewhere else?).

I just updated the ds-rdata of one of our domain objects and realized that the RDNS checker does not support SHA-256, neither for the DS record nor as part of signature algorithm 8 (RSASHA256):

***RDNS: (related to set) INFO: 6199 8 2 03A50B02CC5FCBCC8071AD93212C923E8C399DE64AE7C042442E2DE2F0029592 ; uses a Digest type that is not implemented by this checker.
    We cannot verify if the chain of trust is intact.
    You should be conciously using digest types other than SHA1
***RDNS: (related to ns2.switch.ch) INFO: The signature over DNSKEY is made with algorithm code 8
    The checker does not implement this algorithm and can therefore not validate the chain of trust
    It is assumed that using algoritm type 8 is a conscious choice.

SHA256 has been in use for both purposes for a number of years. Are there any plans to support it in the RDNS checker?

Regards,
Alex

--
SWITCH
Serving Swiss Universities
--------------------------
Alexander Gall, Global LAN
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 15 22
alexander.gall at switch.ch, http://www.switch.ch
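For reference, an added example that is not part of the original message and is not the RDNS checker's code: a minimal ds-rdata check that handles digest type 2 (SHA-256, RFC 4509) alongside type 1 and reports any other digest type as unsupported. The function names are hypothetical, and the DNSKEY is constructed with placeholder key bytes.

```python
import hashlib
import struct

# Digest types from the IANA DS registry: 1 = SHA-1, 2 = SHA-256 (RFC 4509).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def name_to_wire(name):
    """Owner name in canonical (lowercase) wire format, as hashed into a DS."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def parse_ds_rdata(text):
    """Split 'keytag algorithm digesttype hex...' as written in ds-rdata."""
    tag, alg, dtype, *hex_parts = text.split()
    return int(tag), int(alg), int(dtype), "".join(hex_parts).upper()

def make_ds(owner, rdata, dtype):
    """Build the ds-rdata text for a DNSKEY with the given digest type."""
    digest = DIGESTS[dtype](name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {rdata[3]} {dtype} {digest}"

def check_ds(owner, ds_text, rdata):
    """Compare a ds-rdata value against one DNSKEY of the child zone."""
    tag, alg, dtype, digest = parse_ds_rdata(ds_text)
    if dtype not in DIGESTS:
        return "unsupported-digest-type"
    if tag != key_tag(rdata) or alg != rdata[3]:
        return "no-matching-key"
    computed = DIGESTS[dtype](name_to_wire(owner) + rdata).hexdigest().upper()
    return "match" if computed == digest else "digest-mismatch"

if __name__ == "__main__":
    # Constructed DNSKEY: KSK flags 257, protocol 3, algorithm 8, placeholder key bytes.
    key = dnskey_rdata(257, 3, 8, bytes(range(64)))
    for dtype in (1, 2):
        ds = make_ds("example.ch.", key, dtype)
        print(ds, "->", check_ds("example.ch.", ds, key))
```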