diff options
author | Rob Austein <sra@hactrn.net> | 2021-07-24 01:00:09 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2021-07-24 01:01:01 +0000 |
commit | 6e916e6715b10627ac34b4439397308e5be2109a (patch) | |
tree | ceec03301adeab2a5c114e1a1e271c5d506cafb9 /pelican/content/DNSSEC-Requirements.md | |
parent | 4ce647bd96d624b10a4bd19c4c6104fea601b6a4 (diff) |
Clean up more links, convert to m.css theme (no JavaScript!)
Diffstat (limited to 'pelican/content/DNSSEC-Requirements.md')
-rw-r--r-- | pelican/content/DNSSEC-Requirements.md | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/pelican/content/DNSSEC-Requirements.md b/pelican/content/DNSSEC-Requirements.md new file mode 100644 index 0000000..cef61c4 --- /dev/null +++ b/pelican/content/DNSSEC-Requirements.md @@ -0,0 +1,103 @@ +Title: DNSSEC/Requirements +Author: trac +Date: 2016-12-15 22:44 + +# DNSSEC Requirements + +## Questions + + +- Should we even support SHA-1? +- GOST? + + +## Must implement + +Target DNSSEC Algorithms: + + +- RSA/SHA-256 (RFC 5702) +- RSA/SHA-512 (RFC 5702) + + +Algorithms: + + +- Hash: SHA-256 +- Hash: SHA-512 +- Sign: RSA + + +Required PKCS11 Mechs: + + +- CKM_RSA_PKCS_KEY_PAIR_GEN +- CKM_SHA256_RSA_PKCS +- CKM_SHA512_RSA_PKCS +- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing) +- CKM_SHA256 +- CKM_SHA512 + + +## Should implement + +Target DNSSEC Algorithms: + + +- ECDSA/P-256/SHA-256 (RFC 6605) +- ECDSA/P-384/SHA-384 (RFC 6605) + + +Algorithms: + + +- Hash: SHA-256 +- Hash: SHA-384 +- Sign: P-256 +- Sign: P-384 + + +Required PKCS11 Mechs: + + +- CKM_EC_KEY_PAIR_GEN +- CKM_ECDSA_SHA256 +- CKM_ECDSA_SHA384 +- CKM_ECDSA (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing) +- CKM_SHA256 +- CKM_SHA384 + + +## May implement + +Target DNSSEC Algorithms: + + +- RSA/SHA-1 (RFC 3110) +- GOST (RFC 5933) + + +Algorithms: + + +- Hash: SHA-1 +- Sign: RSA + + + +- Hash: GOST R 34.11-94 (RFC5831) +- Sign: GOST R 34.10-2001 (RFC5832) + + +Required PKCS11 Mechs: + + +- CKM_RSA_PKCS_KEY_PAIR_GEN +- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA_1) +- CKM_SHA1_RSA_PKCS +- CKM_SHA_1 + + + +- CKM_GOSTR3410_KEY_PAIR_GEN +- CKM_GOSTR3410_WITH_GOSTR3411 |