[ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
jelte at NLnetLabs.nl
Tue Aug 7 08:23:34 UTC 2007
Paul Wouters wrote:
> On Tue, 7 Aug 2007, Paul Wouters wrote:
> ldns-key2ds outputs:
> dnsx.xelerance.com 3600 IN DS 10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
> While, according to RFC3658 sections 2.4 and 2.5, I believe this should be (though
> that could have been written down a lot better):
> dnsx.xelerance.com 3600 IN DS 10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
Hmm, this is a contradiction in different RFCs;
RFC3658 indeed specifies that it must be a number:
2.5. Presentation Format of the DS Record
The presentation format of the DS record consists of three numbers
(key tag, algorithm, and digest type) followed by the digest itself
presented in hex:
However, RFC4034, which obsoletes 3658, states that:
5.3. The DS RR Presentation Format
The Algorithm field MUST be represented either as an unsigned decimal
integer or as an algorithm mnemonic specified in Appendix A.1.
Now this issue has been raised before, and I am willing to change it,
for the sake of compatibility with software that doesn't adhere to 4034.
I actually do agree that using a number is better.
But I am going to raise this up (again) to be clarified in the update of
rfc4034. The reason I left it in so far (and why I am still hesitant to
change it) is that it does weed out other software that can only handle
the numbers and not the mnemonic...
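As an added illustration of the format question discussed in this thread (example code, not part of ldns or of either message), this Python parser for the DS presentation format accepts both the decimal number and the mnemonic that RFC 4034 section 5.3 allows in the Algorithm field, and by default prints the numeric form that RFC 3658-era consumers understand. The mnemonic table is from RFC 4034 Appendix A.1; the SHA-256 digest length (digest type 2, RFC 4509) is an addition beyond what the page itself mentions.

```python
# RFC 4034 Appendix A.1 algorithm mnemonics and their numeric values
# (constructed lookup table for this example).
ALG_MNEMONICS = {"RSAMD5": 1, "DH": 2, "DSA": 3, "ECC": 4, "RSASHA1": 5,
                 "INDIRECT": 252, "PRIVATEDNS": 253, "PRIVATEOID": 254}
ALG_NUMBERS = {v: k for k, v in ALG_MNEMONICS.items()}
# Digest type -> digest length in bytes: 1 = SHA-1 (RFC 4034 A.2),
# 2 = SHA-256 (RFC 4509, assumed here as an addition beyond the thread).
DIGEST_LEN = {1: 20, 2: 32}


def parse_algorithm(field):
    """Accept both forms RFC 4034 section 5.3 allows, a decimal number or a
    mnemonic, and always return the numeric value."""
    if field.isdigit():
        alg = int(field)
        if not 0 <= alg <= 255:
            raise ValueError(f"algorithm {alg} out of range")
        return alg
    if field.upper() not in ALG_MNEMONICS:
        raise ValueError(f"unknown algorithm mnemonic {field!r}")
    return ALG_MNEMONICS[field.upper()]


def parse_ds(line):
    """Parse one DS RR in presentation format.  The hex digest may be split
    into several whitespace-separated groups, which RFC 4034 permits."""
    owner, ttl, rrclass, rrtype, keytag, alg, dtype, *digest = line.split()
    if rrtype.upper() != "DS":
        raise ValueError(f"not a DS record: {rrtype}")
    ds = {"owner": owner, "ttl": int(ttl), "class": rrclass.upper(),
          "keytag": int(keytag), "algorithm": parse_algorithm(alg),
          "digest_type": int(dtype),
          # bytes.fromhex rejects non-hex or odd-length input with ValueError
          "digest": bytes.fromhex("".join(digest))}
    want = DIGEST_LEN.get(ds["digest_type"])
    if want is not None and len(ds["digest"]) != want:
        raise ValueError(f"digest type {ds['digest_type']} needs {want} bytes")
    return ds


def format_ds(ds, mnemonic=False):
    """Emit the record.  The default numeric algorithm is the form that both
    RFC 3658 and RFC 4034 consumers accept; mnemonic=True gives the form
    ldns-key2ds prints in the thread above."""
    alg = ALG_NUMBERS.get(ds["algorithm"], ds["algorithm"]) if mnemonic else ds["algorithm"]
    return (f"{ds['owner']} {ds['ttl']} {ds['class']} DS {ds['keytag']} {alg} "
            f"{ds['digest_type']} {ds['digest'].hex()}")
```

Feeding it the record from Paul's message yields the numeric line he expected; a digest whose length does not match the declared digest type is rejected rather than passed through.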