In message <can6ntqxxnyik75rf1e9fkch3cb8d5fqf6hkswxtxk_gyxcq...@mail.gmail.com>, =?UTF-8?B?w5NsYWZ1ciBHdcOwbXVuZHNzb24=?= writes: > I will be happy to do that, stay tuned as I need to create a special > signer for it :-) > > Olafur
dnssec-signzone + awk + dnssec-dsfromkey works well. e.g. awk '$4 == "RRSIG" && $6 == 8 { $6 = 99 } $4 == "DNSKEY" && $7 == 8 { $7 = 99} { print }' Mark > On Sun, Oct 16, 2016 at 4:16 AM, Mikael Abrahamsson <swm...@swm.pp.se> > wrote: > > > On Sat, 15 Oct 2016, =C3=93lafur Gu=C3=B0mundsson wrote: > > > > I have domains signed by all combinations of signing algorithms and DS > >> digests as well as Nsec variants > >> Ds-n.alg-m-nsec.dnssec-test.org > >> > >> Replace n with 1..4 > >> M with 1..14 > >> Nsec is one of Nsec nsec3 none > >> > > > > I'd be veryinterested if you could create an algorithm called "99" (or > > something), and we could test that. Anyone not loading the "99" resource = > is > > violating the "SHOULD", even if they understand ECDSA. > > > > This would investigate ratio of problems when we want to introduce a new > > algorithm in the future. > > > > > > -- > > Mikael Abrahamsson email: swm...@swm.pp.se > > > > --94eb2c0cd28c3de9dd053efdf57f > Content-Type: text/html; charset=UTF-8 > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr">I will be happy to do that, =C2=A0stay tuned as I need to = > create a special signer for it :-)=C2=A0<div><br></div><div>Olafur</div><di= > v><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote"= > >On Sun, Oct 16, 2016 at 4:16 AM, Mikael Abrahamsson <span dir=3D"ltr"><= > <a href=3D"mailto:swm...@swm.pp.se"; target=3D"_blank">swm...@swm.pp.se</a>&= > gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 = > 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"">On Sat= > , 15 Oct 2016, =C3=93lafur Gu=C3=B0mundsson wrote:<br> > <br> > <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= > x #ccc solid;padding-left:1ex"> > I have domains signed by all combinations of signing algorithms and DS<br> > digests as well as Nsec variants<br> > <a href=3D"http://Ds-n.alg-m-nsec.dnssec-test.org"; rel=3D"noreferrer" targe= > t=3D"_blank">Ds-n.alg-m-nsec.dnssec-test.or<wbr>g</a><br> > <br> > Replace n with 1..4<br> > M with 1..14<br> > Nsec is one of Nsec nsec3 none<br> > </blockquote> > <br></span> > I'd be veryinterested if you could create an algorithm called "99&= > quot; (or something), and we could test that. Anyone not loading the "= > 99" resource is violating the "SHOULD", even if they underst= > and ECDSA.<br> > <br> > This would investigate ratio of problems when we want to introduce a new al= > gorithm in the future.<div class=3D"HOEnZb"><div class=3D"h5"><br> > <br> > -- <br> > Mikael Abrahamsson=C2=A0 =C2=A0 email: <a href=3D"mailto:swm...@swm.pp.se"; = > target=3D"_blank">swm...@swm.pp.se</a></div></div></blockquote></div><br></= > div> > > --94eb2c0cd28c3de9dd053efdf57f-- > > > --===============9042271128241020298== > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > --===============9042271128241020298==-- > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop