Ralph Dolmans

Test SHA1 usage DNSSEC

6

Test DNSSEC chain for SHA1 usage for DS and DNSKEY. Also test for 512-bit RSA KSK/ZSK. Also see: https://twitter.com/VDukhovni/status/978077604711411713

Secure zone detection using QTYPE=A before requesting TLSA record

2

Some nameservers wrongly reply with NOTIMP when receiving QTYPE=TLSA queries. This broken behaviour is known, the DANE SMTP RFC tries to limit the impact by mandating that an A or...

Template parsing insecure hash algorithm for certificate signatures

3

Parsing goes wrong, "Insecure hash algorithm" column shows things like: {'': 'sha1withrsaencryption'}

Integrate QNAME minimisation test in connection-test

2

Generalise DNSSEC item to DNS?

Hi. First of all, thanks for this work! While working with this code is noticed some unexpected behavior, which is caused by a difference between documentation and code. Not sure...