[ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
Paul Wouters
paul at xelerance.com
Tue Aug 7 14:49:41 UTC 2007
On Tue, 7 Aug 2007, Jelte Jansen wrote:
> > dnsx.xelerance.com 3600 IN DS 10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
> >
> > According to RFC3658 section 2.4 and 2.5, I believe this should be (though
> > that could have been written down a lot better):
> >
> > dnsx.xelerance.com 3600 IN DS 10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
> However, RFC4034, which obsoletes 3568, states that:
>
> 5.3. The DS RR Presentation Format
>
> <snip>
>
> The Algorithm field MUST be represented either as an unsigned decimal
> integer or as an algorithm mnemonic specified in Appendix A.1.

So perhaps an option to ldns-key2ds would be useful to choose?
Perhaps even refusing to run with a default option to make the user
more aware he needs to make a choice?

Paul
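
The two presentation forms discussed in this thread, as an added example that is not part of the original message and is not ldns code: a Python parser that accepts the DS Algorithm field either as a decimal integer or as an RFC 4034 Appendix A.1 mnemonic, so the two DS lines quoted above compare equal. The function names are hypothetical, and the digest-length check assumes digest type 1 is SHA-1 and type 2 is SHA-256 (RFC 4509).

```python
# Added example (not ldns code). Mnemonics as listed in RFC 4034 Appendix A.1.
ALG_MNEMONICS = {
    "RSAMD5": 1, "DH": 2, "DSA": 3, "ECC": 4, "RSASHA1": 5,
    "INDIRECT": 252, "PRIVATEDNS": 253, "PRIVATEOID": 254,
}
ALG_NAMES = {num: name for name, num in ALG_MNEMONICS.items()}
# Digest type -> digest length in bytes (assumption: 1 = SHA-1, 2 = SHA-256).
DIGEST_LEN = {1: 20, 2: 32}


def parse_ds(line):
    """Parse 'owner ttl IN DS keytag alg digesttype digest' into a tuple."""
    f = line.split()
    if len(f) < 8 or f[2].upper() != "IN" or f[3].upper() != "DS":
        raise ValueError("not a DS record: %r" % line)
    owner, ttl, key_tag, digest_type = f[0].lower(), int(f[1]), int(f[4]), int(f[6])
    if f[5].isdigit():                      # unsigned decimal integer form
        alg = int(f[5])
        if alg > 255:
            raise ValueError("algorithm does not fit in one octet: %d" % alg)
    else:                                   # mnemonic form
        try:
            alg = ALG_MNEMONICS[f[5].upper()]
        except KeyError:
            raise ValueError("unknown algorithm mnemonic: %r" % f[5])
    digest = "".join(f[7:]).lower()         # digest may be split by whitespace
    raw = bytes.fromhex(digest)             # raises ValueError on non-hex input
    expected = DIGEST_LEN.get(digest_type)
    if expected is not None and len(raw) != expected:
        raise ValueError("digest type %d needs %d bytes, got %d"
                         % (digest_type, expected, len(raw)))
    return (owner, ttl, key_tag, alg, digest_type, digest)


def to_text(ds, mnemonic=False):
    """Render a parsed DS record; the caller chooses decimal or mnemonic."""
    owner, ttl, key_tag, alg, digest_type, digest = ds
    alg_text = ALG_NAMES.get(alg, str(alg)) if mnemonic else str(alg)
    return "%s %d IN DS %d %s %d %s" % (owner, ttl, key_tag, alg_text,
                                        digest_type, digest)


def same_ds(a, b):
    """True when two presentation-format lines describe the same DS record."""
    return parse_ds(a) == parse_ds(b)
```
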