On 1/31/19 4:57 PM, Mark Andrews wrote:

> Given type 1 is a SHA-1 fingerprint it isn’t legal.  Named just
> hasn’t added type to length to the parsing code.
> 
> No real SSHFP will be 1 octet long.

While I agree that it's junk, the RFC doesn't give the DNS software the
ability to make that decision from my reading.

There is nothing in the RFC about validating the correctness of the data:

--
   The RDATA of the presentation format of the SSHFP resource record
   consists of two numbers (algorithm and fingerprint type) followed by
   the fingerprint itself, presented in hex, e.g.:

       host.example.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890
--

AlanC
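
The type-to-length check discussed in this message, as an added example (not code from BIND or from either poster): it parses the presentation format quoted from the RFC above and compares the fingerprint length with the digest size for its type. The function names and the sample records in the test loop are constructed; type 2 (SHA-256, 32 octets) is taken from RFC 6594, not from this thread.

```python
# Digest size in octets per SSHFP fingerprint type.
# 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_LEN = {1: 20, 2: 32}


def parse_sshfp(rdata):
    """Parse '<algorithm> <fp-type> <hex fingerprint>' into a tuple."""
    fields = rdata.split()
    if len(fields) < 3:
        raise ValueError("expected algorithm, fingerprint type, fingerprint")
    algorithm, fp_type = int(fields[0]), int(fields[1])
    for value in (algorithm, fp_type):
        if not 0 <= value <= 255:  # both are single-octet fields on the wire
            raise ValueError("field out of range: %d" % value)
    # Assumption of this example: hex split across whitespace is joined.
    fingerprint = bytes.fromhex("".join(fields[2:]))
    return algorithm, fp_type, fingerprint


def audit(rdata):
    """Classify one record: ok, bad-length, unknown-type or malformed."""
    try:
        _, fp_type, fingerprint = parse_sshfp(rdata)
    except ValueError:
        return "malformed"
    expected = FP_LEN.get(fp_type)
    if expected is None:
        # No known digest size for this type, so length cannot be judged.
        return "unknown-type"
    return "ok" if len(fingerprint) == expected else "bad-length"


if __name__ == "__main__":
    samples = [
        "2 1 123456789abcdef67890123456789abcdef67890",  # RFC example
        "2 1 00",   # constructed: 1-octet fingerprint for a SHA-1 type
        "1 9 00",   # constructed: fingerprint type not in FP_LEN
    ]
    for record in samples:
        print(record, "->", audit(record))
```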