Looks sensible, I've pushed the equivalent, and removed the
now-redundant DSA signature verification code too.

Simon.



On 24/02/2020 07:08, Loganaden Velvindron wrote:
> Google might mangle the patch. Feedback welcomed.
> 
> RFC 8624  Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says:
> 
> 3      | DSA                | MUST NOT        | MUST NOT
> 6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT
> 
> 
> 
> 
> I've added them on this gh repo:
> 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to
> status MUST NOT implement in RFC 8624:
> https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch
> 2) Remove DSA DNSSEC algorithm as this is set to status MUST
> NOT implement in RFC 8624:
> https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to