Quoting Paul Wouters <[email protected]>:

On Tue, 9 Nov 2010, [email protected] wrote:

Is GOST a supported cipher for DNSSEC or will it be some time in the future?

It's fully supported in the RFCs, including its algorithm number.

I guess a validating resolver is supposed to treat results as unsigned/unsecure if it finds an algorithm it cannot process?

As far as I can see it is only available in openssl 1.x or newer and for the next few years this will probably not be the standard on Unix. So most of us have to use "--disable-gost" anyway...

I have not yet packaged things up, but I assume there is detection in ./configure
for this.

Yes, that's how I noticed..

Red Hat strips out all ECC related routines in openssl, so even on rhel/centos 6 there will be no gost if using the stock openssl package. I'm looking at seeing
if it is possible to add a sub package (openssl-gost) that just has the gost
engine, but that will require some time to see how compatible that is with the
"stripping" used in Red Hat.

That's why software patents are bad as hell....

Regards

Andreas


_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
