[nsd-users] DS algorithm as mnemonic

Dmitry Kohmanyuk dk at hostmaster.ua
Wed Feb 29 00:40:55 UTC 2012


On Feb 28, 2012, at 2:19 AM, Peter Koch wrote:

> On Tue, Feb 28, 2012 at 11:00:23AM +0100, Matthijs Mekking wrote:
> 
>> This is correct. NSD only had up to RSASHA1 in its dns algorithm
>> table. Newer algorithms were never added due to backwards
>> incompatibility concerns.
> 
> strictly speaking, section 5.3 of RFC 4034 limits the mnemonic
> representation to those present in that RFC's appendix and does
> not extend it to future (including those defined in 5702 and 5933)
> code point assignments.  From the point of view of an authoritative
> server this makes sense since it doesn't have to understand (or
> recognize) the algorithm used to properly serve the correct
> DNSKEY and RRSIG RRs.
> 
>> However, we could allow newer mnemonics when reading in a zone (more
>> user friendly), and when writing always print the unsigned integer
>> value (more consistent, backwards compatible).
> 
> +1 for the latter and 'not sure' about the former.  Another potential
> abuse of the robustness principle at the horizon ...

It would be consistent to always write numbers out; it is also easier to compare with dig output.
Writing new names can cause problems with parsing of the zone by other tools.

For reading, understanding the entire set of IANA-registered mnemonics feels like the right thing.
"Be liberal in what you accept..."
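The read-liberally / write-numerically policy discussed in this thread, as an added illustration that is not NSD's own code: a small parser for presentation-format DS records that accepts either an IANA algorithm mnemonic or the unsigned integer on input, and always emits the integer on output so the result compares directly with dig. The mnemonic table is taken from the IANA "DNS Security Algorithm Numbers" registry; the zone lines are constructed sample data, and the digest-length check by digest type is my own addition rather than anything NSD does.

```python
import re

# Mnemonic -> algorithm number, from the IANA DNS Security Algorithm
# Numbers registry (RFC 4034 Appendix A.1 entries plus later assignments
# such as RFC 5702 and RFC 5933).  Illustrative table, not NSD's.
ALG_MNEMONICS = {
    "RSAMD5": 1, "DH": 2, "DSA": 3, "RSASHA1": 5,
    "DSA-NSEC3-SHA1": 6, "RSASHA1-NSEC3-SHA1": 7,
    "RSASHA256": 8, "RSASHA512": 10, "ECC-GOST": 12,
    "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14,
    "ED25519": 15, "ED448": 16,
    "INDIRECT": 252, "PRIVATEDNS": 253, "PRIVATEOID": 254,
}

# Expected digest length in hex characters per DS digest type
# (1 = SHA-1, 2 = SHA-256, 3 = GOST R 34.11-94, 4 = SHA-384).
DIGEST_HEX_LEN = {1: 40, 2: 64, 3: 64, 4: 96}


def parse_algorithm(token):
    """Accept an IANA mnemonic (case-insensitive) or an unsigned 8-bit integer."""
    if re.fullmatch(r"\d+", token):
        value = int(token)
        if not 0 <= value <= 255:
            raise ValueError(f"algorithm number out of range: {token}")
        return value
    try:
        return ALG_MNEMONICS[token.upper()]
    except KeyError:
        raise ValueError(f"unknown algorithm mnemonic: {token}") from None


def parse_ds(line):
    """Parse one presentation-format DS RR: owner [ttl] [class] DS keytag alg dtype digest."""
    fields = line.split()
    try:
        idx = fields.index("DS")
    except ValueError:
        raise ValueError("not a DS record") from None
    if len(fields) < idx + 5:
        raise ValueError("DS record is missing fields")
    ttl = None
    for tok in fields[1:idx]:          # optional TTL and/or class before the type
        if tok.isdigit():
            ttl = int(tok)
    keytag = int(fields[idx + 1])
    if not 0 <= keytag <= 65535:
        raise ValueError(f"key tag out of range: {keytag}")
    algorithm = parse_algorithm(fields[idx + 2])
    digest_type = int(fields[idx + 3])
    # Digest may be split over several tokens and wrapped in parentheses.
    digest = "".join(t for t in fields[idx + 4:] if t not in ("(", ")")).upper()
    if not re.fullmatch(r"[0-9A-F]+", digest) or len(digest) % 2:
        raise ValueError("digest is not even-length hex")
    expected = DIGEST_HEX_LEN.get(digest_type)
    if expected is not None and len(digest) != expected:
        raise ValueError(f"digest type {digest_type} expects {expected} hex chars, got {len(digest)}")
    return {"owner": fields[0], "ttl": ttl, "keytag": keytag,
            "algorithm": algorithm, "digest_type": digest_type, "digest": digest}


def format_ds(ds):
    """Always write the algorithm as its unsigned integer, never as a mnemonic."""
    ttl = f" {ds['ttl']}" if ds["ttl"] is not None else ""
    return (f"{ds['owner']}{ttl} IN DS {ds['keytag']} {ds['algorithm']} "
            f"{ds['digest_type']} {ds['digest']}")


def normalize_zone(text):
    """Rewrite every DS line of a zone fragment in numeric form; skip blanks and comments."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        out.append(format_ds(parse_ds(line)))
    return out


# Constructed sample: the same DS written with a mnemonic and with a number,
# plus an RSASHA1/SHA-1 record.  Digests are placeholder hex, not real hashes.
D256 = "0123456789ABCDEF" * 4          # 32 bytes
D1 = "0123456789ABCDEF" * 2 + "01234567"  # 20 bytes
SAMPLE_ZONE = f"""\
; DS RRs for a delegation (constructed sample)
example.com. 3600 IN DS 12345 RSASHA256 2 {D256}
example.com. 3600 IN DS 12345 8 2 {D256.lower()}
example.com. 3600 IN DS 54321 RSASHA1 1 {D1}
"""

if __name__ == "__main__":
    for rr in normalize_zone(SAMPLE_ZONE):
        print(rr)
```

Both spellings of the first record normalize to the identical numeric line, which is the property that makes the output comparable with dig and parseable by tools that only know the integer form; an unregistered mnemonic is rejected at read time rather than silently passed through.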
