Stable Release Updates types proposal (was Re: Fedora Board Meeting Recap 2010-03-11)
Paul Wouters
paul at xelerance.com
Fri Mar 12 02:05:45 UTC 2010
On Thu, 11 Mar 2010, Paul Wouters wrote:
>> Is ARPA expecting everyone to upgrade to a sha256 supporting bind
>> immediately? There's no migration window?
>
> If someone has dnssec enabled in bind including DLV, then the key will be
> found and its use will be attempted. I am not sure what happens on an older
> bind 9.6.1 when that happens. One will hope it will just continue to be
> treated as "insecure" and not as "bogus" (aka servfail). I have not tested
> this.
Just for the record, 9.6.1 was patched so unknown algs go "insecure", so this
is not an issue. Sorry to distract from the main focus of this discussion with
a bad example.
Paul
More information about the devel
mailing list