git.ipfire.org Git - thirdparty/pdns.git/commitdiff
As noted by @stirnim, OpenSSL does not respect rfc6979 3996/head
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 14 Jun 2016 18:57:11 +0000 (20:57 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 14 Jun 2016 18:57:11 +0000 (20:57 +0200)
docs/markdown/authoritative/dnssec.md

index d8b74b9ccdecb98b12485bd0c436d1194802fe16..d6911aef834c60398b15dd9c1b3db2f5fafb6967 100644 (file)
@@ -111,8 +111,8 @@ In order to facilitate interoperability with existing technologies, PowerDNS key
 can be imported and exported in industry standard formats.
 
 When using OpenSSL for ECDSA signatures (this is default), starting from OpenSSL
-1.1.0, [RFC 6979](http://tools.ietf.org/html/rfc6979) deterministic signatures are
-used.
+1.1.0, the algorithm used is resilient against PRNG failure, while not
+strictly conforming to [RFC 6979](http://tools.ietf.org/html/rfc6979).
 
 **Note**: Actual supported algorithms depend on the crypto-libraries PowerDNS was
 compiled against. To check the supported DNSSEC algoritms in your build of PowerDNS,
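
Review bot: The replacement sentence ("the algorithm used is resilient against PRNG failure, while not strictly conforming to RFC 6979") removes the old claim of deterministic signatures without saying what holds instead, so a reader cannot tell whether signing the same data twice with OpenSSL 1.1.0 or later gives the same signature. State that directly, for example that signatures should not be expected to match RFC 6979 output, so operators who compare signatures across builds or against the RFC's test vectors know what to expect. "The algorithm used" is also ambiguous sitting next to "ECDSA signatures"; since RFC 6979 concerns how the per-signature value k is generated, naming that as the part that differs would make the sentence precise. Minor: the RFC link could use https while the line is being touched.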