From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 14 Jun 2016 11:27:30 +0000 (+0200)
Subject: Words on ECDSA and deterministic signatures
X-Git-Tag: auth-4.0.0-rc1~45^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d4e91ab9ee0017b976f9e1945d26626f5d1e46f;p=thirdparty%2Fpdns.git

Words on ECDSA and deterministic signatures

Closes #2720
---

diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md
index fa1e2d1670..d8b74b9ccd 100644
--- a/docs/markdown/authoritative/dnssec.md
+++ b/docs/markdown/authoritative/dnssec.md
@@ -110,6 +110,10 @@ This corresponds to:
 In order to facilitate interoperability with existing technologies, PowerDNS keys
 can be imported and exported in industry standard formats.
 
+When using OpenSSL for ECDSA signatures (this is default), starting from OpenSSL
+1.1.0, [RFC 6979](http://tools.ietf.org/html/rfc6979) deterministic signatures are
+used.
+
 **Note**: Actual supported algorithms depend on the crypto-libraries PowerDNS was
 compiled against. To check the supported DNSSEC algoritms in your build of PowerDNS,
 run `pdnsutil list-algorithms`.