> On Oct 14, 2020, at 2:18 AM, Brian Somers <[email protected]> wrote:
>
> The calculation was hindered by the RFC saying:
>
> The key tag for algorithm 1 (RSA/MD5) is defined differently from the
> key tag for all other algorithms, for historical reasons. For a
> DNSKEY RR with algorithm 1, the key tag is defined to be the most
> significant 16 bits of the least significant 24 bits in the public
> key modulus (in other words, the 4th to last and 3rd to last octets
> of the public key modulus).
>
> The piece before the parenthesis is correct. The piece in parenthesis
> is blatantly wrong :(
Yes, this is covered in the errata:
https://www.rfc-editor.org/errata/eid193
--
Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
