bemasc / dnssec-strict-mode Goto Github PK
View Code? Open in Web Editor NEWDraft standards proposal for stricter DNSSEC validation
License: Other
dnssec-strict-mode's People
Stargazers
Watchers
Forkers
akz98dnssec-strict-mode's Issues
write about zone signing, not what signer implements
Section 2.2:
Under the current DNSSEC validation behavior, a zone is only as secure as the weakest algorithm implemented by both the signer and the validator.
When talking about signed zones, I prefer talking about how the zone is signed, not what the signer supports. so "algorithm used to sign the zone".
remove redundant instruction
"If this flag is set, all records in the zone MUST be signed correctly under this key's specified Algorithm." is redundant - that's the same as the current rules.
add roll-out operational considerations
document in the op considerations section: As with roll-in, when moving away from a strict mode alg, a zone operator must first roll to (all) non-strict-mode keys of that algorithm, then roll the alg out.
clarify the multiple strict alg instruction
If there are multiple Strict Mode keys for the zone, validators SHOULD validate signatures under each of their Algorithms.
First, I assume you mean "Strict Mode keys for multiple algorithms".
I think you should go on to say "...and mark the RRset as Bogus if ANY of those validations result in a Bogus result".
(And, as I said on the dnsop list, I don't think we need to make this change. But if we are...)
DNSKEY RRset with disparate values for this bit
Please deal with the edge case of a DNSKEY RRset where (at least) one DNSKEY of algorithm X has the bit set and (at least) one does not.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.