Date: Sat, 25 Jul 2020 03:28:33 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 248239] local_unbound: Fails to resolve europris.no fail after 11.3->11.4 upgrade Message-ID: <bug-248239-7501-FyBtf4YWti@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248239 --- Comment #8 from Viktor Dukhovni <ietf-dane@dukhovni.org> --- The authoritative text covering unsupported DS algorithms is: https://tools.ietf.org/html/rfc4035#section-5.2) where we see (https://tools.ietf.org/html/rfc4035#page-27) If the validator does not support any of the algorithms listed in an authenticated DS RRset, then the resolver has no supported authentication path leading from the parent to the child. The resolver should treat this case as it would the case of an authenticated NSEC RRset proving that no DS RRset exists, as described above. So a resolver that does not support ed25519 should be able to resolve the reported zone, treating it as insecure. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-248239-7501-FyBtf4YWti>