[Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Vladislav Grishenko
themiron.ru at gmail.com
Tue Feb 25 20:33:34 GMT 2020
Hi,
Have that since last year with possibility to reenable with HAVE_DNS build-time define:
https://github.com/themiron/dnsmasq/commit/5a1a8bc039561455677e825194f470219093aaf6.patch
Also, GOST is obsolete and GOST2012 is not standardized yet. This helps to turn it off by default:
https://github.com/themiron/dnsmasq/commit/a9ef96041fd0b594b662cbcb1a9b475844a4a5ab.patch
p.s Please ignore ctypto-openssl.c part, it's not part of official dnsmasq source.
Best Regards, Vladislav Grishenko
-----Original Message-----
From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> On Behalf Of Loganaden Velvindron
Sent: Monday, February 24, 2020 12:08 PM
To: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Google might mangle the patch. Feedback welcomed.
RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says:
3 | DSA | MUST NOT | MUST NOT
6 | DSA-NSEC3-SHA1 | MUST NOT | MUST NOT
I've added them on this gh repo:
1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624:
https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch
2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624:
https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list