Re: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Looks sensible, I've pushed the equivalent, and removed the now-redundant DSA signature verification code too. Simon. On 24/02/2020 07:08, Loganaden Velvindron wrote: > Google might mangle the patch. Feedback welcomed. > > RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says: > > 3 | DSA| MUST NOT| MUST NOT > 6 | DSA-NSEC3-SHA1 | MUST NOT| MUST NOT > > > > > I've added them on this gh repo: > 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to > status MUST NOT implement in RFC 8624: > https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch > 2) Remove DSA DNSSEC algorithm as this is set to status MUST > NOT implement in RFC 8624: > https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Hi, Have that since last year with possibility to reenable with HAVE_DNS build-time define: https://github.com/themiron/dnsmasq/commit/5a1a8bc039561455677e825194f470219093aaf6.patch Also, GOST is obsolete and GOST2012 is not standardized yet. This helps to turn it off by default: https://github.com/themiron/dnsmasq/commit/a9ef96041fd0b594b662cbcb1a9b475844a4a5ab.patch p.s Please ignore ctypto-openssl.c part, it's not part of official dnsmasq source. Best Regards, Vladislav Grishenko -Original Message- From: Dnsmasq-discuss On Behalf Of Loganaden Velvindron Sent: Monday, February 24, 2020 12:08 PM To: dnsmasq-discuss@lists.thekelleys.org.uk Subject: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624 Google might mangle the patch. Feedback welcomed. RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says: 3 | DSA| MUST NOT| MUST NOT 6 | DSA-NSEC3-SHA1 | MUST NOT| MUST NOT I've added them on this gh repo: 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch 2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624
Google might mangle the patch. Feedback welcomed. RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says: 3 | DSA| MUST NOT| MUST NOT 6 | DSA-NSEC3-SHA1 | MUST NOT| MUST NOT I've added them on this gh repo: 1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch 2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in RFC 8624: https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
