
Test for used DNSSEC algo's

Open halderen opened this issue 9 years ago • 9 comments

halderen avatar Oct 21 '15 22:10 halderen

However when displaying algorithm, bits, etcetera, this probably needs to be explained to end-users. How to properly explain this (with how much better/worse with pros and cons) to laymen?

halderen avatar Dec 07 '15 14:12 halderen

Decided by steeringcmte on 2017-01-19 to move issue into icebox because of above concerns.

halderen avatar Jan 23 '17 10:01 halderen

Also see: https://twitter.com/VDukhovni/status/978077604711411713

baknu avatar Mar 26 '18 07:03 baknu

This regards the website and mail test. See: https://tools.ietf.org/html/rfc8624

baknu avatar Jul 28 '20 13:07 baknu

See also #184

baknu avatar Jul 28 '20 13:07 baknu

Example where a warning/info would be nice:

Use of algo 10 https://dnsviz.net/d/mijn.overheid.nl/ZKfLWg/dnssec/ https://internet.nl/site/mijn.overheid.nl/2197432/#control-panel-6

WKobes avatar Jul 07 '23 08:07 WKobes

There's an RFC for that:

https://datatracker.ietf.org/doc/html/rfc8624

mdavids avatar Jul 07 '23 08:07 mdavids

@gthess Could Unbound provide information on the algorithm used?

baknu avatar Jul 07 '23 10:07 baknu

The information is in the DNS, you can make a query (to Unbound) for the DNSKEYs for example. And then check the printed RDATA. Similar to what is being done for the DANE test IIRC.

gthess avatar Jul 07 '23 10:07 gthess
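
The check described in the last comment, as an added example that is not part of the thread or of Internet.nl's code: it parses DNSKEY records in presentation format (as printed by a query to a resolver such as Unbound), reads the algorithm number and RSA key size from the RDATA, and looks up the signing guidance from RFC 8624 section 3.1. The function names, the sample records and the ok/warning mapping are assumptions made for illustration.

```python
import base64

# RFC 8624 section 3.1: algorithm number -> (mnemonic, DNSSEC signing guidance)
RFC8624_SIGNING = {
    1: ("RSAMD5", "MUST NOT"), 3: ("DSA", "MUST NOT"),
    5: ("RSASHA1", "NOT RECOMMENDED"), 6: ("DSA-NSEC3-SHA1", "MUST NOT"),
    7: ("RSASHA1-NSEC3-SHA1", "NOT RECOMMENDED"), 8: ("RSASHA256", "MUST"),
    10: ("RSASHA512", "NOT RECOMMENDED"), 12: ("ECC-GOST", "MUST NOT"),
    13: ("ECDSAP256SHA256", "MUST"), 14: ("ECDSAP384SHA384", "MAY"),
    15: ("ED25519", "RECOMMENDED"), 16: ("ED448", "MAY"),
}
RSA_ALGS = {1, 5, 7, 8, 10}

def rsa_modulus_bits(key: bytes) -> int:
    """Modulus size of an RFC 3110 RSA key: exponent length, exponent, modulus."""
    if len(key) < 3:
        raise ValueError("truncated RSA key")
    # One length octet, or 0x00 followed by a two-octet length.
    exp_len, off = (key[0], 1) if key[0] else (int.from_bytes(key[1:3], "big"), 3)
    modulus = key[off + exp_len:]
    if not modulus:
        raise ValueError("truncated RSA key")
    return int.from_bytes(modulus, "big").bit_length()

def classify_dnskey(line: str) -> dict:
    """Parse 'owner TTL IN DNSKEY flags protocol algorithm base64...'."""
    fields = line.split(";")[0].split()          # drop dig's trailing comment
    i = fields.index("DNSKEY")
    flags, _proto, alg = (int(x) for x in fields[i + 1:i + 4])
    key = base64.b64decode("".join(fields[i + 4:]))  # key may be split by spaces
    name, signing = RFC8624_SIGNING.get(alg, ("UNKNOWN", "not listed"))
    # Assumed UI mapping (not from the thread): anything RFC 8624 does not allow
    # or discourages for signing becomes a warning.
    level = "ok" if signing in ("MUST", "RECOMMENDED", "MAY") else "warning"
    return {"alg": alg, "name": name, "sep": bool(flags & 1), "signing": signing,
            "rsa_bits": rsa_modulus_bits(key) if alg in RSA_ALGS else None,
            "level": level}

def make_sample(alg: int, key: bytes) -> str:
    """Constructed record in dig presentation format (not a real zone's key)."""
    return f"example.com. 3600 IN DNSKEY 257 3 {alg} {base64.b64encode(key).decode()}"

SAMPLES = [  # constructed: 2048-bit RSA under algorithm 10, 64-byte key under 13
    make_sample(10, b"\x03\x01\x00\x01" + b"\xc0" + bytes(255)),
    make_sample(13, bytes(range(64))),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(classify_dnskey(rec))
```

The algorithm 10 sample comes back as `RSASHA512`, 2048 bits, signing guidance `NOT RECOMMENDED`, which is the case the thread suggests flagging.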