From owner-freebsd-net@freebsd.org  Sat Jul 25 03:28:33 2020
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AE46F37BE63
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 4BDBNx4DJcz4dZb
 for <freebsd-net@freebsd.org>; Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 9110E37BCF1; Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
Delivered-To: net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 90DA637C18E
 for <net@mailman.nyi.freebsd.org>; Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BDBNx3MpTz4dcs
 for <net@FreeBSD.org>; Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:1d])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 538CE15425
 for <net@FreeBSD.org>; Sat, 25 Jul 2020 03:28:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 06P3SXFX087781
 for <net@FreeBSD.org>; Sat, 25 Jul 2020 03:28:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 06P3SX1x087780
 for net@FreeBSD.org; Sat, 25 Jul 2020 03:28:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 248239] local_unbound: Fails to resolve europris.no fail after
 11.3->11.4 upgrade
Date: Sat, 25 Jul 2020 03:28:33 +0000
X-Bugzilla-Reason: AssignedTo CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 11.4-RELEASE
X-Bugzilla-Keywords: needs-qa, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ietf-dane@dukhovni.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Not A Bug
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-248239-7501-FyBtf4YWti@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2020 03:28:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248239

--- Comment #8 from Viktor Dukhovni <ietf-dane@dukhovni.org> ---
The authoritative text covering unsupported DS algorithms is:

  https://tools.ietf.org/html/rfc4035#section-5.2)

where we see (https://tools.ietf.org/html/rfc4035#page-27)

  If the validator does not support any of the algorithms listed in an
  authenticated DS RRset, then the resolver has no supported
  authentication path leading from the parent to the child.  The
  resolver should treat this case as it would the case of an
  authenticated NSEC RRset proving that no DS RRset exists, as
  described above.

So a resolver that does not support ed25519 should be able to resolve the
reported zone, treating it as insecure.

--=20
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.=