In message
<can6ntqxxnyik75rf1e9fkch3cb8d5fqf6hkswxtxk_gyxcq...@mail.gmail.com>,
=?UTF-8?B?w5NsYWZ1ciBHdcOwbXVuZHNzb24=?= writes:
> I will be happy to do that, stay tuned as I need to create a special
> signer for it :-)
>
> Olafur
dnssec-signzone + awk + dnssec-dsfromkey works well.
e.g.
awk '$4 == "RRSIG" && $6 == 8 { $6 = 99 }
$4 == "DNSKEY" && $7 == 8 { $7 = 99}
{ print }'
Mark
> On Sun, Oct 16, 2016 at 4:16 AM, Mikael Abrahamsson <[email protected]>
> wrote:
>
> > On Sat, 15 Oct 2016, =C3=93lafur Gu=C3=B0mundsson wrote:
> >
> > I have domains signed by all combinations of signing algorithms and DS
> >> digests as well as Nsec variants
> >> Ds-n.alg-m-nsec.dnssec-test.org
> >>
> >> Replace n with 1..4
> >> M with 1..14
> >> Nsec is one of Nsec nsec3 none
> >>
> >
> > I'd be veryinterested if you could create an algorithm called "99" (or
> > something), and we could test that. Anyone not loading the "99" resource =
> is
> > violating the "SHOULD", even if they understand ECDSA.
> >
> > This would investigate ratio of problems when we want to introduce a new
> > algorithm in the future.
> >
> >
> > --
> > Mikael Abrahamsson email: [email protected]
> >
>
> --94eb2c0cd28c3de9dd053efdf57f
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr">I will be happy to do that, =C2=A0stay tuned as I need to =
> create a special signer for it :-)=C2=A0<div><br></div><div>Olafur</div><di=
> v><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote"=
> >On Sun, Oct 16, 2016 at 4:16 AM, Mikael Abrahamsson <span dir=3D"ltr"><=
> <a href=3D"mailto:[email protected]"; target=3D"_blank">[email protected]</a>&=
> gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
> 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"">On Sat=
> , 15 Oct 2016, =C3=93lafur Gu=C3=B0mundsson wrote:<br>
> <br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> I have domains signed by all combinations of signing algorithms and DS<br>
> digests as well as Nsec variants<br>
> <a href=3D"http://Ds-n.alg-m-nsec.dnssec-test.org"; rel=3D"noreferrer" targe=
> t=3D"_blank">Ds-n.alg-m-nsec.dnssec-test.or<wbr>g</a><br>
> <br>
> Replace n with 1..4<br>
> M with 1..14<br>
> Nsec is one of Nsec nsec3 none<br>
> </blockquote>
> <br></span>
> I'd be veryinterested if you could create an algorithm called "99&=
> quot; (or something), and we could test that. Anyone not loading the "=
> 99" resource is violating the "SHOULD", even if they underst=
> and ECDSA.<br>
> <br>
> This would investigate ratio of problems when we want to introduce a new al=
> gorithm in the future.<div class=3D"HOEnZb"><div class=3D"h5"><br>
> <br>
> -- <br>
> Mikael Abrahamsson=C2=A0 =C2=A0 email: <a href=3D"mailto:[email protected]"; =
> target=3D"_blank">[email protected]</a></div></div></blockquote></div><br></=
> div>
>
> --94eb2c0cd28c3de9dd053efdf57f--
>
>
> --===============9042271128241020298==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>
> --===============9042271128241020298==--
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
