* on the Wed, Nov 11, 2015 at 06:36:20PM +0000, Viktor Dukhovni wrote: > On Wed, Nov 11, 2015 at 09:28:56AM +0000, Mike Cardwell wrote:
>> I wrote an overview of how it works a while ago on my blog which a few >> people have told me helped with their understanding: >> >> https://grepular.com/Understanding_DNSSEC > Thanks for publishing! A couple of the items are a bit dated since > you originally wrote them. Quote: Yeah, that post is a few years old. > The ".ru" domain is now signed. Any chance you're willing to > refresh the document to bring it up to date? > The examples use algorithm "5" (RSASHA1) which is now dated, most > sites should use "8" (RSASHA256) these days. Also most BIND sites > should probably use "auto-dnssec maintain", ... > > So the document in its current form is a bit too old to be immediately > useful. It could do with being brought up to date yes. I'll write a new post next week and put a link to it at the top of the old one. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
