[ldns-users] canonical signer name in RRSIG during verification

Peter van Dijk peter.van.dijk at netherlabs.nl
Tue Feb 28 17:04:51 UTC 2012


On Feb 28, 2012, at 16:59 , W.C.A. Wijngaards wrote:

> But we wanted to be careful with implementing not-yet-RFC, but this
> now creates trouble with powerDNS.  So, the we intend to lowercase
> signer-names in ldns in canonicalisation (and also in verification and
> signing), as well as keep the compatibility lowercase generation of
> signernames that makes the issue immaterial for signatures created by
> ldns.

To improve compatibility with old LDNS, and perhaps any other validators that do not lowercase for verification, PowerDNS 3.1 (which is due for release very soon) will lowercase signer name during RRSIG generation (just like LDNS).

Kind regards,
Peter van Dijk

More information about the ldns-users mailing list