....Hello...just got access to this list...despite a long history with DNSSEC,
I had never tried OpenDNSSEC until last month...
In setting up a trial of opendnssec, I see " <Algorithm
length="2048">8</Algorithm> " in kasp.xml to set up a 2K RSA-SHA-256 key. I
want to change to Ed25519 ("15" according to the IANA registry for those
things), which I can do by changing the "8" above to "15".
My question: must I specify the length? I've tried looking for documentation
about the kasp.xml syntax, but cannot find anything since 2014, and cannot find any
examples that use any non-RSA-based algorithm. That document said that
OpenDNSSEC could not do an algorithm rollover, but using OpenDNSSEC
2.something, I got it to work, so I suspect that documentation is way out of
date.
I managed to get a configuration to work for Ed25519, but not if I omit the
length or if I set the length to 0.
I have the length set to "256" now, but it took a bit of web searching to find
that that ought to be the correct value, as the IETF document defining the
Ed25519 DNS Security Algorithm doesn't bother to mention the length! If I
recall, even when the length value was 2048 (because that was what the file had
initially), Ed25519 worked. (It seems that the parser doesn't like "no value"
or "0" for length, but anything else is ignored, maybe?)
For general information - is there a more-recent-than-2014 document for
kasp.xml? Is there a detailed spec for the "Algorithm" XML "key word"?
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
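As an added example (not part of the post above, and not OpenDNSSEC's own code), a small lint that parses the `<Algorithm length="...">N</Algorithm>` elements of a kasp.xml policy and flags the cases the post ran into: a missing or zero length, and a length that does not match what the algorithm implies. The per-algorithm expected lengths for 13, 14 and 16 and the RSA floor of 2048 bits are assumptions added here; the post only confirms that 256 works for Ed25519 (15).

```python
# Added example: lint the <Algorithm length="...">N</Algorithm> elements in a
# kasp.xml policy. Not from the original post or from OpenDNSSEC.
import xml.etree.ElementTree as ET

# Algorithm numbers from the IANA DNS Security Algorithm Numbers registry.
# Fixed-size algorithms map to the key length their curve implies (assumed here;
# the post only confirms 256 for Ed25519). RSA algorithms get a minimum size.
FIXED_LENGTH = {13: 256, 14: 384, 15: 256, 16: 456}  # ECDSAP256, ECDSAP384, ED25519, ED448
RSA_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}
RSA_MIN_BITS = 2048  # assumed policy floor, not an OpenDNSSEC rule

# Constructed sample kasp.xml fragment: a KSK on Ed25519 with the 256 length the
# post found to work, a ZSK on RSA-SHA256 2048, and a broken entry with length 0.
SAMPLE_KASP = """<KASP>
  <Policy name="default">
    <Keys>
      <KSK><Algorithm length="256">15</Algorithm><Lifetime>P1Y</Lifetime></KSK>
      <ZSK><Algorithm length="2048">8</Algorithm><Lifetime>P90D</Lifetime></ZSK>
    </Keys>
  </Policy>
  <Policy name="broken">
    <Keys>
      <ZSK><Algorithm length="0">15</Algorithm></ZSK>
    </Keys>
  </Policy>
</KASP>"""

def lint_kasp(xml_text):
    """Return a list of (policy, keytype, message) findings for each <Algorithm>."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("Policy"):
        pname = policy.get("name", "?")
        for keytype in ("KSK", "ZSK"):
            for key in policy.iter(keytype):
                alg_el = key.find("Algorithm")
                if alg_el is None:
                    findings.append((pname, keytype, "no <Algorithm> element"))
                    continue
                alg = int(alg_el.text.strip())
                length_attr = alg_el.get("length")
                # The post reports OpenDNSSEC rejects a missing or zero length outright.
                if length_attr is None or int(length_attr) == 0:
                    findings.append((pname, keytype, "length missing or 0 (rejected by parser)"))
                    continue
                length = int(length_attr)
                if alg in FIXED_LENGTH and length != FIXED_LENGTH[alg]:
                    findings.append((pname, keytype, f"alg {alg} implies length {FIXED_LENGTH[alg]}, got {length}"))
                elif alg in RSA_ALGS and length < RSA_MIN_BITS:
                    findings.append((pname, keytype, f"{RSA_ALGS[alg]} below {RSA_MIN_BITS} bits"))
                elif alg not in FIXED_LENGTH and alg not in RSA_ALGS:
                    findings.append((pname, keytype, f"unrecognised algorithm number {alg}"))
    return findings
```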