[Bug 248239] local_unbound: Fails to resolve europris.no fail after 11.3->11.4 upgrade
bugzilla-noreply at freebsd.org
Sat Jul 25 03:28:33 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248239
--- Comment #8 from Viktor Dukhovni <ietf-dane at dukhovni.org> ---
The authoritative text covering unsupported DS algorithms is:
https://tools.ietf.org/html/rfc4035#section-5.2
where we see (https://tools.ietf.org/html/rfc4035#page-27)

    If the validator does not support any of the algorithms listed in an
    authenticated DS RRset, then the resolver has no supported
    authentication path leading from the parent to the child. The
    resolver should treat this case as it would the case of an
    authenticated NSEC RRset proving that no DS RRset exists, as
    described above.

So a resolver that does not support ed25519 should be able to resolve the
reported zone, treating it as insecure.
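
The RFC 4035 section 5.2 rule quoted in the comment above, as an added example that is not part of the original bug comment and is not Unbound's code. The zone name, key tags, digests and the `LEGACY_ALGS` capability set are constructed for illustration; algorithm 15 is Ed25519 in the IANA DNSSEC algorithm registry.

```python
from dataclasses import dataclass

ED25519 = 15  # IANA DNSSEC algorithm number for Ed25519
# Assumed capability set of a validator built without Ed25519 support.
LEGACY_ALGS = frozenset({5, 7, 8, 10, 13, 14})

@dataclass(frozen=True)
class DS:
    owner: str
    key_tag: int
    algorithm: int
    digest_type: int
    digest: str

def parse_ds(line):
    """Parse 'owner TTL IN DS keytag algorithm digesttype digest...'."""
    f = line.split()
    if len(f) < 8 or f[2].upper() != "IN" or f[3].upper() != "DS":
        raise ValueError(f"not a DS record: {line!r}")
    return DS(f[0].lower(), int(f[4]), int(f[5]), int(f[6]),
              "".join(f[7:]).upper())

def classify_delegation(ds_rrset, supported_algs):
    """Decide how to treat a child zone given its *authenticated* DS RRset.

    An empty list stands for an authenticated NSEC proof that no DS exists.
    Returns (state, usable_ds):
      "insecure" - no DS, or no DS uses a supported algorithm: resolve the
                   child without validation instead of failing the query.
      "validate" - at least one DS is usable: the child must validate
                   through one of the returned records.
    """
    usable = [d for d in ds_rrset if d.algorithm in supported_algs]
    if not usable:
        return "insecure", []
    return "validate", usable

# Constructed sample data: a zone signed only with Ed25519, and the same
# zone with an additional RSASHA256 (algorithm 8) DS during a rollover.
ED_ONLY = [parse_ds("example.test. 3600 IN DS 12345 15 2 " + "AB" * 32)]
MIXED = ED_ONLY + [parse_ds("example.test. 3600 IN DS 23456 8 2 " + "CD" * 32)]

if __name__ == "__main__":
    for name, rrset in (("ed25519 only", ED_ONLY), ("mixed", MIXED)):
        state, usable = classify_delegation(rrset, LEGACY_ALGS)
        print(name, "->", state, [d.key_tag for d in usable])
```
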