[Opendnssec-develop] [OpenDNSSEC] #95: SHA-2 supported or not?
OpenDNSSEC
owner-dnssec-trac at kirei.se
Fri Feb 5 13:13:08 UTC 2010
#95: SHA-2 supported or not?
---------------------------------------------------------------+------------
Reporter: Stéphane Bortzmeyer <bortzmeyer+opendnssec@…> | Owner: rb
Type: defect | Status: new
Priority: major | Component: Unknown
Version: trunk | Keywords:
---------------------------------------------------------------+------------
kasp.xml apparently lets me specify algorithm 8:
<KSK>
<Algorithm length="2048">8</Algorithm>
The keys are created and the signer seems happy:
bortzmeyer.fr. 600 IN DNSKEY 256 3 8 AwEAAcaRUNNJN//PQz...
bortzmeyer.fr. 86400 IN RRSIG TXT 8 2 86400 20100205230826
20100205110816 36024 bortzmeyer.fr. qOERRH/Tn...
But kaspcheck disagrees:
ods-kaspcheck
ERROR: In policy test, incompatible algorithm (8) used for ZSK NSEC3 in
/etc/opendnssec/kasp.xml - should be 6 or 7
ERROR: In policy test, incompatible algorithm (8) used for KSK NSEC3 in
/etc/opendnssec/kasp.xml - should be 6 or 7
--
Ticket URL: <http://trac.opendnssec.org/ticket/95>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list