[Opendnssec-user] KASP configuration questions
Nick Urbanik
nicku at nicku.org
Wed Feb 22 23:00:38 UTC 2023
Dear Folks,
I want to use the slightly more modern algorithm 13 (ECDSA P256) for
key signing, and want to disable salting in NSEC3, and have one
iteration only of hashing.
<Denial>
<NSEC3>
<Resalt>PT0S</Resalt>
<Hash>
<Algorithm>1</Algorithm>
<Iterations>1</Iterations>
<Salt length="0"/>
</Hash>
</NSEC3>
</Denial>
I added a length="256" attribute to the algorithm element, which
seemed to make the software happier. However, it does not like the
value I gave for Resalt. How do you express that you want no salt in
your NSEC3 records?
The documentation seems to require me to read the source code.
--
Nick Urbanik http://nicku.org nicku at nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
More information about the Opendnssec-user
mailing list