bemasc / dnssec-strict-mode
Draft standards proposal for stricter DNSSEC validation
License: Other
Section 2.2:
Under the current DNSSEC validation behavior, a zone is only as secure as the weakest algorithm implemented by both the signer and the validator.
When talking about signed zones, I prefer talking about how the zone is signed, not what the signer supports. So "algorithm used to sign the zone".
"If this flag is set, all records in the zone MUST be signed correctly under this key's specified Algorithm." is redundant - that's the same as the current rules.
Document in the op considerations section: As with roll-in, when moving away from a strict mode alg, a zone operator must first roll to (all) non-strict-mode keys of that algorithm, then roll the alg out.
If there are multiple Strict Mode keys for the zone, validators SHOULD validate signatures under each of their Algorithms.
First, I assume you mean "Strict Mode keys for multiple algorithms".
I think you should go on to say "...and mark the RRset as Bogus if ANY of those validations result in a Bogus result".
(And, as I said on the dnsop list, I don't think we need to make this change. But if we are...)
Please deal with the edge case of a DNSKEY RRset where (at least) one DNSKEY of algorithm X has the bit set and (at least) one does not.
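
The following is an added example, not code from the draft or from the commenters above. It models the difference between current validation (any one algorithm that verifies is enough) and the Strict Mode rule discussed in these comments (Bogus if any Strict Mode algorithm fails). The `DnsKey.strict` field, the function names and the `mixed_is_strict` switch are assumptions for illustration; how the draft resolves a DNSKEY RRset with mixed flags for one algorithm is left open on this page, so the example exposes both choices. It also assumes the validator implements every algorithm in the DNSKEY RRset.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsKey:
    algorithm: int   # DNSSEC algorithm number (8 = RSASHA256, 15 = ED25519)
    strict: bool     # hypothetical model of the draft's Strict Mode flag

def strict_algorithms(keys, mixed_is_strict=True):
    """Return (algorithms treated as strict, algorithms with mixed flags)."""
    flags = {}
    for key in keys:
        flags.setdefault(key.algorithm, set()).add(key.strict)
    mixed = {alg for alg, seen in flags.items() if seen == {True, False}}
    strict = {alg for alg, seen in flags.items() if seen == {True}}
    if mixed_is_strict:   # assumption: one flagged key makes the algorithm strict
        strict |= mixed
    return strict, mixed

def validate_rrset(keys, sig_ok, mixed_is_strict=True):
    """Return (current_verdict, strict_verdict) for one RRset.

    sig_ok maps algorithm -> True when a signature under that algorithm
    verified; a missing entry means no valid signature for that algorithm.
    """
    present = {key.algorithm for key in keys}
    strict, _ = strict_algorithms(keys, mixed_is_strict)
    # Current behaviour: a single verifying algorithm makes the RRset Secure.
    current = "Secure" if any(sig_ok.get(a, False) for a in present) else "Bogus"
    if not strict:
        return current, current   # no Strict Mode keys: nothing changes
    # Strict Mode: Bogus if ANY strict algorithm fails to verify.
    ok = all(sig_ok.get(a, False) for a in strict)
    return current, "Secure" if ok else "Bogus"

# Constructed sample data: a zone with a non-strict algorithm 8 key and a
# strict algorithm 15 key, where only the algorithm 8 signature verifies.
SAMPLE_KEYS = [DnsKey(8, False), DnsKey(15, True)]
SAMPLE_SIGS = {8: True, 15: False}

# Constructed edge case: algorithm 15 has one flagged and one unflagged key.
MIXED_KEYS = [DnsKey(8, False), DnsKey(15, True), DnsKey(15, False)]

if __name__ == "__main__":
    print(validate_rrset(SAMPLE_KEYS, SAMPLE_SIGS))
    print(strict_algorithms(MIXED_KEYS))
    print(validate_rrset(MIXED_KEYS, SAMPLE_SIGS, mixed_is_strict=False))
```
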