On Dec 15 2009, Doug Barton wrote:
While this reminder is timely and helpful, more welcome would be the news that BIND 9.6.2 is going to have actual support for RSASHA{256|512}. My cursory reading of the 9.6.2b1 code does not seem to indicate that it does, although I would be happy to be proven wrong.I personally don't think it's reasonable to expect everyone who wants to validate with BIND to upgrade to 9.7.x for a variety of reasons that I'd be happy to elucidate if they are not obvious.
Quoting from https://lists.isc.org/pipermail/bind-users/2009-October/077853.html (me)
Will you be adding RSASHA256 support in the 9.5.x and 9.6.x series? It might be a bit optimistic to expect everyone to move to 9.7.x by 2010-07-01, if that's when the root zone is going to be *really* signed (with RSASHA256, according to current reports).
(Evan Hunt)
Not 9.5.x, as it lacks NSEC3 support. Adding SHA-2 to 9.6.x would violate our policy of making major functional changes only in major releases, so I don't expect we'll do that. Given the odd circumstances you mentioned, I won't say for certain that we won't--but I doubt it. 9.7.0 is going to be final in a little over a month, which is fortunate timing.
(But it's not too obvious to me that adding support for a new signing algorithm should necessarily be considered a "major functional change".) -- Chris Thompson Email: [email protected] _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
