validation of DSA signatures

Jan Včelák jan.vcelak at nic.cz
Wed Jan 13 14:14:04 UTC 2016


Hello.

On Wednesday, January 13, 2016 02:51:12 PM W.C.A. Wijngaards wrote:
> These signatures are produced by (an old?) signer.  Unbound is
> compatible with its quirks.  DSA is almost not deployed at all for
> DNSSEC, and the signer may already have been fixed for a long time.
> Unbound is compatible to remove false-positives from validation
> failures as much as possible.

That makes sense. Thank you for explanation.

Cheers,

Jan



More information about the Unbound-users mailing list