[net-dns-users] Release candidate for Net::DNS::SEC 0.22

Willem Toorop willem at nlnetlabs.nl
Wed Feb 4 13:40:17 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear users of Net::DNS::SEC,

We have a candidate for the upcoming 0.22 release of Net::DNS::SEC.
This release introduces the following new features and improvements:

* RRSIG::siginception and RRSIG::siginception in time values

	RRSIG::siginception and RRSIG::siginception now returns,
	besides the format date in string context like before, the date
	as seconds since epoch in numeric context.

* ECDSA and GOST signature creation and verification

	The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and
	Digest::GOST need to be available to enable this feature.

* Version requirements detection for optional modules

	Besides the optional modules just mentioned,
	Crypt::OpenSSL::Random is an optional module which enables
	private key generation and Digest::BubbleBabble enables
	Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to
loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so
that they can be added to the regular Net::DNS in the future, although
without cryptographic operations.

To this end, all cryptographic operations are now concentrated in
their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA,
Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private.   This
module previously performed cryptographic operations with the
generate_rsa, new_rsa_priv and dump_rsa_* methods.

The generate_rsa and new_rsa_priv methods are still available as
before, but the dump_rsa_* methods are now available only if the
generate_rsa or new_rsa_priv function were used to create the
Net::DNS::SEC::Private object.  This is different from previous behaviour.

Note that the Private.pm module had and has the following text at the
top of its documentation: "The class is written to be used only in the
context of the Net::DNS::RR::RRSIG create method. This class is not
designed to interact with any other system."

If you  depend upon this module nonetheless, please let us know,
preferably with a use case.

Please review this version carefully and regression-test it with your
software. If no issues arise, the actual release will follow Wedensday
the 11th of February 2015.

link 	https://www.net-dns.org/download/Net-DNS-SEC-0.21_10.tar.gz
sha1 	8f6951a0e4e6fa4d2dc7fbc4147a36945ed5631d

Changes
=======
   Fix: rt.cpan.org #101184
   make siginception and sigexpiration available as time() values

   Fix: rt.cpan.org #101183
   wrong URL for blog in README

   Fix: rt.cpan.org #83031
   [RRSIG] lack of ECDSA support

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU0iFAAAoJEOX4+CEvd6SYjroP/j704GRfZcnrvvpBxKzb/tX5
9syKawcM0ualyQ8nhojPj7+qybXvMMF7Zh4h0oiGe2riVi7gLZBoZvFqAXO9kPzD
zJZSn2bDgZz4FVyWzFcooZ49y9MxhHo8AZEFgejqZLPmIH0zQCvrrlb+OYYBav8C
1iTlOegWvm5tYMmh4qveMT5CpEvPtmEFs5HeVyQ0mL7KBJbpKrnHgP3BAzzIHl4H
me1EqBl7smGPis0l9N2UA2TBDFABzezA5XtOafzLGkmdnU+FWfIiiJEHpGKYEEPz
35ONVEwiikEc/sHOHczVHmK7mNtP91NFMs9c2ZTkDLb4jds+DPRM0Lv8/GyVxKGW
4QTMkyyf8sw8iPW78uvW6K5IPlT0V8ZbbryiUVLWbyEQZtqX4PzFYz8JK2yw6dKj
X1Ui4OxPMixqPkj5rlyK9LqJvSvvhwqS+34Vc9x07H76hAdbiq02905xV/kdDmCa
FqIyz+/dSeCsAGcwsh2gm/ayRih3HruIl3C2BtkqJsZBPPk+M9vc47OmNtVF+vjG
NDTwEDgz4KxBKoRWd5qJfbGXI0OQ2rFiOdWfUmcDXkBApLraBuD3+rL8cL6dSuhZ
pBiwqOze+6GIv5jIvcaryUzQKU32gIuQfj/Y5/37U+C9S5fXlZ3MgvchXfZQj5jO
nwSRdEeYrfa+JEFdjgRo
=6Wpt
-----END PGP SIGNATURE-----



More information about the net-dns-users mailing list