]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 129b731) | patch
Deprecate SHA-1 DS digests in `dnssec-signzone`
authorTony Finch <dot@dotat.at>
Wed, 30 Jan 2019 18:04:52 +0000 (18:04 +0000)
committerEvan Hunt <each@isc.org>
Thu, 9 May 2019 01:17:55 +0000 (18:17 -0700)
commitd8f2eb249a729ff0a18aa348c14c3785dbb78ce2
tree3ccc6750e58191466b5daeec595a2f804c27c12ftree | snapshot
parent129b731273bd9325abaaf760f6e37bb0b05f952acommit | diff
Deprecate SHA-1 DS digests in `dnssec-signzone`

This affects two cases:

  * When writing a `dsset` file for this zone, to be used by its
    parent, only write a SHA-256 DS record.

  * When reading a `keyset` file for a child, to generate DS records
    to include in this zone, generate SHA-256 DS records only.

This change does not affect digests used in CDS records.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
bin/dnssec/dnssec-signzone.c diff | blob | blame | history
bin/tests/system/dnssec/tests.sh diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git