On Mar 20 2010, Paul Wouters wrote:
On Sat, 20 Mar 2010, Olaf Kolkman wrote:
- http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/NSEC-NSEC3
That still states:
"as well as no algorithm choice for SHA-256"
That's been resolved now, see http://www.bind9.net/dns-sec-algorithm-numbers
RSASHA256 has DNSKEY algorithm 8 and RSASHA-512 has alg 10. As far as I
know, these include NSEC3, though the registry contains no pointers for that.
It contains a pointer to RFC 5702, and section 5.2 of RFC5702 is completely
clear on the subject.
Is it noted anywhere that algorithms > 5 imply NSEC3 support? If not, should we?
I suppose it is still open to DNSEXT to submit new algorithms which imply
NSEC only, but of course that is not expected to happen. (Anyway, 253 & 254
are "> 5" and there it's a matter for private agreement.)
--
Chris Thompson
University of Cambridge Computing Service,
New Museums Site, Cambridge CB2 3QH, United Kingdom.
Email: c...@ucs.cam.ac.uk
Phone: +44 1223 334715
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop