[dns-operations] Edge-case, zero-length DNSKEYs

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Oct 14 05:58:55 UTC 2020

> On Oct 14, 2020, at 2:18 AM, Brian Somers <bsomers at opendns.com> wrote:
> The calculation was hindered by the RFC saying:
>   The key tag for algorithm 1 (RSA/MD5) is defined differently from the
>   key tag for all other algorithms, for historical reasons.  For a
>   DNSKEY RR with algorithm 1, the key tag is defined to be the most
>   significant 16 bits of the least significant 24 bits in the public
>   key modulus (in other words, the 4th to last and 3rd to last octets
>   of the public key modulus).
> The piece before the parenthesis is correct.  The piece in parenthesis
> is blatantly wrong :(

Yes, this is covered in the errata:



More information about the dns-operations mailing list