[db-wg] Support for SHA256 in ds-rdata checker
Anand Buddhdev
anandb at ripe.net
Tue Jul 31 18:31:20 CEST 2012
On 31/07/2012 01:14, Alexander Gall wrote:

Dear Alexander,

> I'm not sure whether this belongs here or in the dns-wg (or somewhere
> else?).
>
> I just updated the ds-rdata of one of our domain objects and realized
> that the RDNS checker does not support SHA-256, neither for the DS
> record nor as part of signature algorithm 8 (RSASHA256)
>
> ***RDNS: (related to set) INFO: 6199 8 2
> 03A50B02CC5FCBCC8071AD93212C923E8C399DE64AE7C042442E2DE2F0029592
> ; uses a Digest type that is not implemented by this
> checker. We cannot verify if the chain of trust is intact.
> You should be conciously using digest types other than SHA1
>
> ***RDNS: (related to ns2.switch.ch) INFO: The signature over DNSKEY
> is made with algorithm code 8 The checker does not implement
> this algorithm and can therefore not validate the chain of
> trust It is assumed that using algoritm type 8 is a
> conscious choice.
>
> SHA256 has been in use for both purposes for a number of years. Are
> there any plans to support it in the RDNS checker?

We are aware of this limitation. Other users have also come across it,
and asked us about it. We are actually in the middle of replacing our
current delegation checker with the Swedish Registry's DNSCheck, which
handles all the current algorithms. We're close to completing the
replacement, so please watch out for an announcement very soon.

Regards,

Anand Buddhdev
RIPE NCC
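The check that the quoted checker output says it cannot perform for digest type 2, as an added example that is not part of the original message and is not code from the RIPE NCC checker or DNSCheck: it verifies a DS record's key tag, algorithm and digest against a DNSKEY, and reports an unknown digest type instead of guessing. The owner name, key bytes and status strings are constructed for illustration.

```python
import hashlib
import struct

# DS digest types from the IANA registry: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical wire form of an owner name: lower-case, uncompressed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag as in RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """digest = H(owner name in wire form | DNSKEY RDATA), as upper-case hex."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()

def check_ds(owner, ds, rdata):
    """ds is (key_tag, algorithm, digest_type, digest_hex); returns a status."""
    tag, algorithm, digest_type, digest_hex = ds
    if digest_type not in DIGESTS:
        return "unsupported-digest-type"   # report it, do not guess
    if tag != key_tag(rdata) or algorithm != rdata[3]:
        return "no-matching-key"
    expected = ds_digest(owner, rdata, digest_type)
    return "match" if expected == digest_hex.replace(" ", "").upper() else "digest-mismatch"

# Constructed sample data: not a real key and not the zone from the message.
OWNER = "example.net."
RDATA = dnskey_rdata(257, 3, 8, bytes(range(64)))   # algorithm 8 = RSASHA256

if __name__ == "__main__":
    ds = (key_tag(RDATA), 8, 2, ds_digest(OWNER, RDATA, 2))
    print("DS:", *ds)
    print(check_ds(OWNER, ds, RDATA))
```

This covers only the DS-to-DNSKEY link; validating the RRSIG over the DNSKEY set made with algorithm 8 additionally requires RSA signature verification, which is not shown.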