3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

3 commits

Author SHA1 Message Date
Vladimír Čunát c4a5565e7a
dns-root-data: the old KSK is dead!
Long live... eh, I hope the new KSK won't live as long as the old one.
Anyway, it doesn't really matter how fast people update this.
https://www.ietf.org/mail-archive/web/dnsop/current/msg24989.html
See RFC 5011 for details of the protocol.

I re-tested validation with both of these files, to be sure.
2019-01-11 16:47:02 +01:00
Vladimír Čunát 338a195204
dns-root-data: improve determinism, clear key status
Nitpicks:
- The timestamps there were useless.
- The generator now switched the two keys; I don't know why.

I intentionally remove the comments like "state=1 [ ADDPEND ]".
The problem is that keys e.g. in ADDPEND state are *not* immediately
usable for validation - see RFC5011 for details.  I verified that Unbound
does disregard this on the format we and Debian use ATM, presumably due
to removing parts of the comments, but it would be confusing nevertheless.
2017-07-15 10:38:01 +02:00
Franz Pletz 3bb9954a6b
dns-root-data: init at 2017-06-16 2017-07-12 09:45:25 +02:00