git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit

projects / thirdparty / systemd.git / commit

author	Ronan Pigott <ronan@rjp.ie>
	Sun, 25 Feb 2024 07:23:32 +0000 (00:23 -0700)
committer	Ronan Pigott <ronan@rjp.ie>
	Mon, 26 Feb 2024 08:55:57 +0000 (01:55 -0700)
commit	eba291124bc11f03732d1fc468db3bfac069f9cb
tree	e1665049fe6729b1782addc5a361a1789d540db2	tree \| snapshot
parent	67d0ce8843d612a2245d0966197d4f528b911b66	commit \| diff

resolved: reduce the maximum nsec3 iterations to 100

According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.

src/resolve/resolved-dns-dnssec.c

diff | blob | blame | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom