author Rob Austein <sra@hactrn.net> 2021-02-14 01:55:38 +0000
committer Rob Austein <sra@hactrn.net> 2021-02-14 01:55:38 +0000
commit b58c60bcc4a6f3d3ccf4194ef862a808fdc3313b
tree ad43c2b937db286c2b3320b57066a9581264444a /markdown/DNSSEC%2FRequirements.md
parent 23bb68fe7e9cc8af176ff60b56e8a51a70f05a89
Hack images, store outputs in git again for now
Easier to track what each script change does if we keep the before and after versions of the markdown in git too. Clean this up eventually, but simplifies development.
Diffstat (limited to 'markdown/DNSSEC%2FRequirements.md')
-rw-r--r-- markdown/DNSSEC%2FRequirements.md | 99
1 files changed, 99 insertions, 0 deletions
diff --git a/markdown/DNSSEC%2FRequirements.md b/markdown/DNSSEC%2FRequirements.md
new file mode 100644
index 0000000..36b1152
--- /dev/null
+++ b/markdown/DNSSEC%2FRequirements.md
@@ -0,0 +1,99 @@
+# DNSSEC Requirements
+
+## Questions
+
+
+- Should we even support SHA-1?
+- GOST?
+
+
+## Must implement
+
+Target DNSSEC Algorithms:
+
+
+- RSA/SHA-256 (RFC 5702)
+- RSA/SHA-512 (RFC 5702)
+
+
+Algorithms:
+
+
+- Hash: SHA-256
+- Hash: SHA-512
+- Sign: RSA
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_RSA_PKCS_KEY_PAIR_GEN
+- CKM_SHA256_RSA_PKCS
+- CKM_SHA512_RSA_PKCS
+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
+- CKM_SHA256
+- CKM_SHA512
+
+
+## Should implement
+
+Target DNSSEC Algorithms:
+
+
+- ECDSA/P-256/SHA-256 (RFC 6605)
+- ECDSA/P-384/SHA-384 (RFC 6605)
+
+
+Algorithms:
+
+
+- Hash: SHA-256
+- Hash: SHA-384
+- Sign: P-256
+- Sign: P-384
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_EC_KEY_PAIR_GEN
+- CKM_ECDSA_SHA256
+- CKM_ECDSA_SHA384
+- CKM_ECDSA (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
+- CKM_SHA256
+- CKM_SHA384
+
+
+## May implement
+
+Target DNSSEC Algorithms:
+
+
+- RSA/SHA-1 (RFC 3110)
+- GOST (RFC 5933)
+
+
+Algorithms:
+
+
+- Hash: SHA-1
+- Sign: RSA
+
+
+
+- Hash: GOST R 34.11-94 (RFC5831)
+- Sign: GOST R 34.10-2001 (RFC5832)
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_RSA_PKCS_KEY_PAIR_GEN
+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA_1)
+- CKM_SHA1_RSA_PKCS
+- CKM_SHA_1
+
+
+
+- CKM_GOSTR3410_KEY_PAIR_GEN
+- CKM_GOSTR3410_WITH_GOSTR3411
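Review bot: In the "Should implement" PKCS11 list, the CKM_ECDSA line says "possible cross-check hash with CKM_SHA256 and CKM_SHA512", but that section's hashes are SHA-256 and SHA-384 and the list below it carries CKM_SHA384, not CKM_SHA512. This looks carried over from the RSA list in "Must implement" and should read "cross-check hash with CKM_SHA256 and CKM_SHA384". Two smaller points in "May implement": the GOST mechanism list has only the key-pair-generation and combined sign-with-hash mechanisms, while every other list also names the raw signing mechanism and the standalone digest mechanisms used for the cross-check, so either add the GOST equivalents or state that no cross-check is planned there. The "Questions" section asks whether SHA-1 should be supported at all while RSA/SHA-1 is already listed here, so a one-line note tying the two together would make clear the entry is provisional.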