DNSKEY, KEY, RRSIG and SIG constraints have been relaxed to allow empty key and signature material after the algorithm identifier for PRIVATEOID and PRIVATEDNS. It is arguable whether this falls within the expected use of these types as no key material is shared and the signatures are ineffective but these are private algorithms and they can be totally insecure.
Closes #5167
Merge branch '5167-relax-private-dnskey-constraints' into 'main'
See merge request isc-projects/bind9!10083
projects / thirdparty / bind9.git / commitdiff
