[Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Simon Kelley
simon at thekelleys.org.uk
Thu Feb 27 13:21:40 GMT 2020
Looks sensible, I've pushed the equivalent, and removed the
now-redundant DSA signature verification code too.
Simon.
On 24/02/2020 07:08, Loganaden Velvindron wrote:
> Google might mangle the patch. Feedback welcomed.
>
> RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says:
>
> 3 | DSA | MUST NOT | MUST NOT
> 6 | DSA-NSEC3-SHA1 | MUST NOT | MUST NOT
>
>
>
>
> I've added them on this gh repo:
> 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to
> status MUST NOT implement in RFC 8624:
> https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch
> 2) Remove DSA DNSSEC algorithm as this is set to status MUST
> NOT implement in RFC 8624:
> https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list