[Unbound-users] Unbound 1.4.7 release
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Tue Nov 9 20:08:22 UTC 2010
Zitat von Paul Wouters <paul at xelerance.com>:
> On Tue, 9 Nov 2010, lst_hoe02 at kwsoft.de wrote:
>
>> Is GOST a supported cipher for DNSSEC or will it be some time in the future?
>
> It's fully suported in the RFC's includig its algorithm number.
I guess a validating resolver is supposed to treat results as
unsigned/unsecure if it find a algorithm it can not process?
>> As far as i can see it is only available in openssl 1.x or newer
>> and for the next few years this will probably not be the standard
>> on Unix. So most of us have to use "--disable-gost" anyway...
>
> I have not yet packaged things up, but I assume there is detection
> in ./configure
> for this.
Yes that's how i noticed..
> Red Hat strips out all ECC related routines in openssl, so even on
> rhel/centos 6
> there will be no gost if using the stock openssl package. I'm
> looking at seeing
> if it is possible to add a sub package (openssl-gost) that just has the gost
> engine, but that will require some time to see how compatible that
> is with the
> "stripping" used in Red Hat.
That's why software patents are bad as hell....
Regards
Andreas
More information about the Unbound-users
mailing list