Commit Diff
Diff:
3efdc84d7730191222acc856b0fcc2652fbe6b6d
d0856f625245ca33c7a36dde8dbb1c1e7534c18f
Commit:
d0856f625245ca33c7a36dde8dbb1c1e7534c18f
Tree:
eba8fe5259877e02a782c028d37078e94d5408ee
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Wed Mar 4 17:39:18 2020 UTC
Message:
switch default key algorithm to ECDSAP256SHA256 (alg 13); update CHANGES, README, and TODO reflecting this and other changes
blob - 8107140e9a061fe2ab13bb34c2a375ee4a3780ee
blob + 3adfeda37e260bcf5b4514ceabdfefa33808fa8c
--- CHANGES
+++ CHANGES
@@ -1,6 +1,8 @@
Changes in RELEASE_1_5 from RELEASE_1_4
-- none yet
+- implement a double-signature rollover method
+- allow ZSK and KSK keys to be created without signing
+- switch default algorithm to alg 13 (elliptic curve) instead of alg 8 (RSA)
Changes in RELEASE_1_4 from RELEASE_1_3
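Review bot: The new entry "- switch default algorithm to alg 13 (elliptic curve) instead of alg 8 (RSA)" records a behaviour change for anyone upgrading from RELEASE_1_4, but gives no upgrade guidance for zones already signed with alg 8 keys. Suggest adding a line that says whether such zones need the algorithm given explicitly when signing, or should be rolled to alg 13 using the double-signature method listed just above it.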
blob - c2d98ffc45c6f3a36087c6ae11db31ba8e5ec45c
blob + a52bd1152d51e1a18c315430659a16955f9f5c28
--- README
+++ README
@@ -1,4 +1,4 @@
-$Id: README,v 1.42 2020/01/01 16:45:42 pjp Exp $
+$Id: README,v 1.43 2020/03/04 17:39:18 pjp Exp $
1. README
1.1 AUTHOR(S)
@@ -257,9 +257,9 @@ Here is an example zone entry for ip6.centroid.eu:
--------------------------------------------------
Currently only 4 algorithms are supported. There is RSASHA1-NSEC3-SHA1
-which has algorithm 7, there is RSASHA256 which has algorithm 8 (the default),
+which has algorithm 7, there is RSASHA256 which has algorithm 8,
and there is RSASHA512 which has algorithm 10. Finally the ECDSAP256SHA256
-algorithm (alg 13), is supported.
+algorithm (alg 13) (is now default), is supported.
6.6 What happened to dd-convert
-------------------------------
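Review bot: The replacement line "algorithm (alg 13) (is now default), is supported." reads awkwardly, with two back-to-back parentheticals and a comma left dangling before "is supported". Suggest "Finally the ECDSAP256SHA256 algorithm (alg 13), which is now the default, is supported." so the README states the default unambiguously.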
blob - f52be8d565cbd38ba21b5428993202b20d301083
blob + 9f88cd7e10a71789bf691f954a397ef8d145da9e
--- TODO
+++ TODO
@@ -6,8 +6,9 @@ For 1.5.0 release
the set requires per RFC 2181 section 5.2 to be the same in the RRset.
- CAA RR support
- a github mirrored copy
-- an OpenBSD port/package starting with 1.4 release
+- an OpenBSD port/package starting with 1.4.1 release [IN THE WORKS]
- fix the DNSSEC and delphinusdnsd(?) code so that an algorithm rollover works
+ [POSSIBLY DONE]
- filter input to dddctl query for escape codes.
For 1.4.0 release
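Review bot: The "[POSSIBLY DONE]" marker added under the algorithm rollover item does not say what is still unverified, and the same commit moves the default from alg 8 to alg 13, which makes an alg 8 to alg 13 rollover the path existing users are most likely to exercise. Suggest either leaving the item open with a short note on what remains to be tested, or marking it done only once a rollover between those two algorithms has been confirmed to work.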
blob - a4803c14f942828bc0f72289de0e1309fec37cb2
blob + b87a1bc3699e3838e4b3e88c57c381672d45afe5
--- dddctl.c
+++ dddctl.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dddctl.c,v 1.101 2020/03/04 17:27:35 pjp Exp $
+ * $Id: dddctl.c,v 1.102 2020/03/04 17:39:18 pjp Exp $
*/
#include <sys/param.h>
@@ -428,7 +428,7 @@ signmain(int argc, char *argv[])
int create_zsk = 0;
int create_ksk = 0;
int rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
- int algorithm = ALGORITHM_RSASHA256;
+ int algorithm = ALGORITHM_ECDSAP256SHA256;
int expiry = DEFAULT_EXPIRYTIME;
int iterations = 10;
u_int32_t mask = (MASK_PARSE_FILE | MASK_ADD_DNSKEY | MASK_CONSTRUCT_NSEC3 | MASK_CALCULATE_RRSIGS | MASK_CREATE_DS | MASK_DUMP_DB);
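Review bot: In signmain(), the new default "int algorithm = ALGORITHM_ECDSAP256SHA256;" also applies to runs against zones whose existing keys are RSASHA256, and nothing in the visible lines reconciles the default with the algorithm of keys already on disk. If the value is only overridden by an explicit option, a run with create_zsk or create_ksk set and no algorithm given would now create an alg 13 key beside alg 8 keys, which amounts to an unplanned algorithm rollover. Consider taking the algorithm from the existing keys when they are present, or failing with a clear message when the default and the existing key algorithm differ.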