DNSKEY Validation
Mark Elkins
mje at posix.co.za
Tue Jul 14 07:15:25 UTC 2009
OK - so I accept that the algorithm will change.
What about some sort of validation of the base-64 part of the key?
Is there a checksum byte/word?
Is there a way of checking that the length is correct?
On Tue, 2009-07-14 at 10:56 +1000, Mark Andrews wrote:
> In message <4A5B1BDC.3090402 at gis.net>, Danny Mayer writes:
> > Stephane Bortzmeyer wrote:
> > > On Sun, Jul 12, 2009 at 08:42:27PM +0200,
> > > Mark Elkins <mje at posix.co.za> wrote
> > > a message of 31 lines which said:
> > >
> > >> Arg 3 should be 5 (or maybe 3) - the algorithm.
> > >
> > > No, you must bnot use a hard-wired list in your code, because the list
> > > of algorithmps registered at IANA can change.
> >
> > It better not otherwise you would have horrendous interoperability problems.
> >
> > Danny
>
> Change includes extend. :-)
>
> Mark
>
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
--
. . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
More information about the bind-users
mailing list