Words on ECDSA and deterministic signatures

author Pieter Lexis <pieter.lexis@powerdns.com>

Tue, 14 Jun 2016 11:27:30 +0000 (13:27 +0200)

committer Pieter Lexis <pieter.lexis@powerdns.com>

Tue, 14 Jun 2016 11:30:39 +0000 (13:30 +0200)
author Pieter Lexis <pieter.lexis@powerdns.com>
Tue, 14 Jun 2016 11:27:30 +0000 (13:27 +0200)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Tue, 14 Jun 2016 11:30:39 +0000 (13:30 +0200)
diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md

index fa1e2d16704ff6379e3197edee8e314909b4e7f8..d8b74b9ccdecb98b12485bd0c436d1194802fe16 100644 (file)
--- a/docs/markdown/authoritative/dnssec.md
+++ b/docs/markdown/authoritative/dnssec.md
@@ -110,6 +110,10 @@ This corresponds to:
  In order to facilitate interoperability with existing technologies, PowerDNS keys
  can be imported and exported in industry standard formats.
  
+When using OpenSSL for ECDSA signatures (this is default), starting from OpenSSL
+1.1.0, [RFC 6979](http://tools.ietf.org/html/rfc6979) deterministic signatures are
+used.
+
  **Note**: Actual supported algorithms depend on the crypto-libraries PowerDNS was
  compiled against. To check the supported DNSSEC algoritms in your build of PowerDNS,
  run `pdnsutil list-algorithms`.
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Tue, 14 Jun 2016 11:27:30 +0000 (13:27 +0200)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Tue, 14 Jun 2016 11:30:39 +0000 (13:30 +0200)