[Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624

Vladislav Grishenko themiron.ru at gmail.com
Tue Feb 25 20:33:34 GMT 2020


Hi,

I have had that since last year, with the possibility to re-enable it with the HAVE_DNS build-time define:
https://github.com/themiron/dnsmasq/commit/5a1a8bc039561455677e825194f470219093aaf6.patch

Also, GOST is obsolete and GOST2012 is not standardized yet. This helps to turn it off by default:
https://github.com/themiron/dnsmasq/commit/a9ef96041fd0b594b662cbcb1a9b475844a4a5ab.patch

P.S. Please ignore the ctypto-openssl.c part; it's not part of the official dnsmasq source.

Best Regards, Vladislav Grishenko

-----Original Message-----
From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> On Behalf Of Loganaden Velvindron
Sent: Monday, February 24, 2020 12:08 PM
To: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624

Google might mangle the patch. Feedback welcomed.

RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt) says:

3      | DSA                | MUST NOT        | MUST NOT
6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT




I've added them on this gh repo:
1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624:
https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch
2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624:
https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch
