[dns-operations] Edge-case, zero-length DNSKEYs
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Oct 14 05:58:55 UTC 2020
> On Oct 14, 2020, at 2:18 AM, Brian Somers <bsomers at opendns.com> wrote:
>
> The calculation was hindered by the RFC saying:
>
> The key tag for algorithm 1 (RSA/MD5) is defined differently from the
> key tag for all other algorithms, for historical reasons. For a
> DNSKEY RR with algorithm 1, the key tag is defined to be the most
> significant 16 bits of the least significant 24 bits in the public
> key modulus (in other words, the 4th to last and 3rd to last octets
> of the public key modulus).
>
> The piece before the parenthesis is correct. The piece in parenthesis
> is blatantly wrong :(
Yes, this is covered in the errata:
https://www.rfc-editor.org/errata/eid193
--
Viktor.
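An added example, not part of the original message or of the RFC: the algorithm 1 key tag computed from the prose definition quoted above, beside the reading given in the RFC's parenthetical, plus the checksum used for all other algorithms (RFC 4034 Appendix B). The function names and sample RDATA are constructed for illustration; returning `None` for an algorithm 1 key whose modulus is too short (including a zero-length key) is this example's own choice.

```python
def rsa_modulus(key: bytes) -> bytes:
    """Return the modulus from an RSA public key field (RFC 2537 layout)."""
    if not key:
        return b""
    if key[0]:                        # one-octet exponent length
        elen, off = key[0], 1
    else:                             # 0x00, then a two-octet exponent length
        elen, off = int.from_bytes(key[1:3], "big"), 3
    return key[off + elen:]

def checksum_tag(rdata: bytes) -> int:
    """Key tag for every algorithm except 1: 16-bit folded sum of the RDATA."""
    ac = 0
    for i, octet in enumerate(rdata):
        ac += octet if i & 1 else octet << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def key_tag(rdata: bytes, parenthetical: bool = False):
    """Key tag of DNSKEY RDATA (flags, protocol, algorithm, public key).

    parenthetical=True applies the '4th to last and 3rd to last octets'
    reading to algorithm 1 keys, to show how it differs from the prose.
    """
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA needs flags, protocol and algorithm")
    if rdata[3] != 1:
        return checksum_tag(rdata)    # also well defined for an empty key
    mod = rsa_modulus(rdata[4:])
    if len(mod) < (4 if parenthetical else 3):
        return None                   # assumption: no tag without enough modulus
    end = -2 if parenthetical else -1
    # Top 16 bits of the low 24 bits = 3rd-to-last and 2nd-to-last octets.
    return int.from_bytes(mod[end - 2:end], "big")

# Constructed sample: flags 0x0100, protocol 3, algorithm 1,
# exponent length 1, exponent 0x03, modulus 99 aa bb cc dd.
SAMPLE_ALG1 = bytes.fromhex("01000301" "0103" "99aabbccdd")
EMPTY_ALG1 = bytes.fromhex("01000301")   # zero-length public key
EMPTY_ALG8 = bytes.fromhex("01010308")   # zero-length key, algorithm 8

if __name__ == "__main__":
    print(hex(key_tag(SAMPLE_ALG1)), hex(key_tag(SAMPLE_ALG1, True)))
    print(key_tag(EMPTY_ALG1), key_tag(EMPTY_ALG8))
```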