[Opendnssec-develop] Converting unsigned data to lowercase

Matthijs Mekking matthijs at NLnetLabs.nl
Thu May 26 14:03:23 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I remember that one of the possible solutions was to store the input
data next to the ldns rr so-to-say. Use the canonicalized ldns rr for
creating signatures and use the untouched input data for writing the
signed zone file.

This has not been done yet. It was I believe low priority. Plus, it
pushes even more on our memory usage.

The other option was to fix your script:). Domain name comparison should
be case insensitive.

Best regards,

Matthijs


On 05/26/2011 03:49 PM, Rickard Bellgrim wrote:
> Hi
> 
> Currently I am setting up v1.3.0 in our test bed, but .SEs test
> scripts will not accept the signed zone because all of the uppercase
> data has been converted to lowercase. It is around 500 RR where the
> domain name is written in uppercase. (This is some old data in the
> database, new data will be saved in lowercase)
> 
> I remember that we had this discussion more than a year ago and we
> ended up changing the behavior of the Signer Engine to not touch the
> data and only do the conversion on the input for the signatures.
> 
> What is our opinion this time?
> 
> // Rickard
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJN3l2qAAoJEA8yVCPsQCW5Nk8IALsrwWk78hQCf42hjl1BVoFe
wPQpETO735NgrlW2KoAPAbGS3/Q25WIp50bpP2WWAZQJdcfAcIO0c+OgLRpPjAha
XKY1hnnbUqgU90MwOJlktz45Xb8+5JZC9/Mia8AlMR/2ERFkY1VReXTQuioB9slT
OVBD7magkuLxe3OHITMoF3jb7o96Sfb8aD5tUAFHKBHYqoG4MPZMATlTJj80Fzpg
sLSrtQ7uU2rpDJfbm3vHeShnfUpnLOtMumAUkKlaqq0XKZvyqoCC+gz1sR+Fkd9V
M0jbfXxr73Nakdp0VALU2mePN2eIc1eeexo3xQYFsHIbMOKEN7iZOSjlP7SFZo0=
=D8kK
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list