On 1/31/19, Alan Clegg <a...@clegg.com> wrote:
> On 1/31/19 4:57 PM, Mark Andrews wrote:
>
>> Given type 1 is a SHA-1 fingerprint it isn't legal. Named just
>> hasn't added type to length to the parsing code.
>>
>> No real SSHFP will be 1 octet long.
>
> While I agree that it's junk, the RFC doesn't give the DNS software the
> ability to make that decision from my reading.
>
> There is nothing in the RFC about validating the correctness of the data:

I'm not following your logic. The RFC says a field is the fingerprint and
the user-supplied data can't possibly be a fingerprint. It seems to me
there's a requirement to reject the user-supplied data since it can't
possibly be a fingerprint.

Regards,
Lee

>
> --
> The RDATA of the presentation format of the SSHFP resource record
> consists of two numbers (algorithm and fingerprint type) followed by
> the fingerprint itself, presented in hex, e.g.:
>
> host.example. SSHFP 2 1 123456789abcdef67890123456789abcdef67890
> --
>
> AlanC

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
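The check the thread is arguing about, as an added example that is not part of the original post and not BIND's own parsing code: a small Python validator for SSHFP presentation-format RDATA that rejects a fingerprint whose length cannot match its fingerprint type. The expected lengths follow from the hash each type names (type 1 is SHA-1, 20 octets, from RFC 4255; type 2 is SHA-256, 32 octets, from RFC 6594); the algorithm table and the handling of unknown fingerprint types (accepted, since nothing is known about their length) are this example's own choices.

```python
"""Length-check SSHFP RDATA against its fingerprint type.

Example code, not BIND's parser. A type-1 fingerprint is SHA-1 and so
must be 20 octets; a type-2 fingerprint is SHA-256 and must be 32 octets.
Anything else with those types (such as a 1-octet fingerprint) is rejected.
"""
import re

# fingerprint type -> (hash name, expected digest length in octets)
FINGERPRINT_TYPES = {
    1: ("SHA-1", 20),     # RFC 4255
    2: ("SHA-256", 32),   # RFC 6594
}

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); used only for naming
ALGORITHMS = {1: "RSA", 2: "DSA", 3: "ECDSA", 4: "Ed25519"}

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


class SSHFPError(ValueError):
    """Raised when the RDATA cannot be a well-formed SSHFP record."""


def parse_sshfp_rdata(rdata):
    """Parse '<algorithm> <fptype> <hex fingerprint>'.

    Returns (algorithm, fptype, fingerprint_bytes); raises SSHFPError when
    the fingerprint length does not match a known fingerprint type.
    """
    fields = rdata.split()
    if len(fields) < 3:
        raise SSHFPError("SSHFP RDATA needs algorithm, fingerprint type and fingerprint")
    try:
        algorithm, fptype = int(fields[0]), int(fields[1])
    except ValueError:
        raise SSHFPError("algorithm and fingerprint type must be decimal integers")
    if not (0 <= algorithm <= 255 and 0 <= fptype <= 255):
        raise SSHFPError("algorithm and fingerprint type are single octets")
    # The hex fingerprint may be split across whitespace in presentation format.
    hexdata = "".join(fields[2:])
    if not HEX_RE.match(hexdata) or len(hexdata) % 2:
        raise SSHFPError("fingerprint must be an even number of hex digits")
    fingerprint = bytes.fromhex(hexdata)
    if fptype in FINGERPRINT_TYPES:
        name, expected = FINGERPRINT_TYPES[fptype]
        if len(fingerprint) != expected:
            raise SSHFPError(
                f"fingerprint type {fptype} is {name}: expected {expected} octets, "
                f"got {len(fingerprint)}"
            )
    # Unknown fingerprint types carry no length information, so they pass through.
    return algorithm, fptype, fingerprint


def check_sshfp_line(line):
    """Check a presentation-format line such as
    'host.example. SSHFP 2 1 1234...' (an optional TTL and class before
    SSHFP are tolerated). Returns (owner, algorithm, fptype, fingerprint)."""
    tokens = line.split()
    upper = [t.upper() for t in tokens]
    if "SSHFP" not in upper or upper.index("SSHFP") == 0:
        raise SSHFPError("expected '<owner> [ttl] [class] SSHFP <rdata>'")
    idx = upper.index("SSHFP")
    owner, rdata = tokens[0], " ".join(tokens[idx + 1:])
    return (owner,) + parse_sshfp_rdata(rdata)


def is_valid_sshfp(line):
    """Convenience wrapper: True if the line passes the checks above."""
    try:
        check_sshfp_line(line)
        return True
    except SSHFPError:
        return False


if __name__ == "__main__":
    # Constructed samples: the RFC example from the thread, and the 1-octet junk.
    for sample in (
        "host.example. SSHFP 2 1 123456789abcdef67890123456789abcdef67890",
        "host.example. SSHFP 1 1 ab",
    ):
        try:
            print("ok  ", check_sshfp_line(sample))
        except SSHFPError as exc:
            print("bad ", sample, "->", exc)
```

Run on the record quoted from the RFC, the validator accepts it (40 hex digits, 20 octets, matching SHA-1); a record like `SSHFP 1 1 ab` is rejected with a message naming the expected length. Whether a nameserver should reject such records at load time is the point the thread disputes; the code only shows that the check itself is a one-line length comparison once the type is known.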