In message <4ffa2871.2020...@dougbarton.us>, Doug Barton writes:
> On 07/08/2012 17:33, Matthew Pounsett wrote:
> > 
> > On 2012/07/08, at 20:29, Matthew Pounsett wrote:
> > 
> >>
> >> On 2012/07/08, at 20:26, Mark Andrews wrote:
> >>
> >>>
> >>> One can also build named w/o GOST support if one wants.  We statically
> >>> link all the engines when building named on Windows.
> >>
> >> Unfortunately the port doesn't provide the config hooks to disable GOST 
> >> support.
> > 
> > Actually.. how do you go about doing that anyway?  I was just taking a look 
> > at writing a patch for the port to allow GOST to
>  be turned off, but BIND's configure script doesn't have any information in 
> it about disabling individual ciphers.
> 
> I wouldn't accept it anyway. For better or worse, GOST is part of the
> protocol.
> 
> Doug

GOST is not a manditory part of DNSSEC.  It is entirely optional
whether a site supports it or not.  If a site doesn't support GOST
then the zone is treated as insecure.  It doesn't break anything
to disable GOST support.  This is no worse that deciding whether
to link with OpenSSL or not.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to