BIND 10 #1357: AXFR and AXFR-like IXFR in needs every message signed
BIND 10 Development
do-not-reply at isc.org
Fri Sep 7 09:05:43 UTC 2012
#1357: AXFR and AXFR-like IXFR in needs every message signed
-------------------------------------+-------------------------------------
Reporter: | Owner: UnAssigned
vorner | Status: reviewing
Type: | Milestone:
defect | Sprint-20120918
Priority: | Resolution:
medium | Sensitive: 0
Component: xfrin | Sub-Project: DNS
Keywords: | Estimated Difficulty: 5
Defect Severity: Low | Total Hours: 0
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by vorner):
* owner: vorner => UnAssigned
* status: accepted => reviewing
Comment:
Hello
It is ready for review. I had to modify XfrIn a little bit ‒ the spec says
the last message must be signed, but the context can hardly know if the
currently verified message is the last one. So the XfrIn needs to ask the
context if the last message was actually signed.
Other than that, the most of complexity is probably in the tests, since I
needed to generate the signed messages somehow.
I think this deserves a small changelog entry, something like:
{{{
[bug] vorner
The XfrIn now accepts transfers with some TSIG signatures ommited, as
allowed
per RFC2845, section 4.4. This solves a compatibility issues with Knot and
new
versions of NSD.
}}}
--
Ticket URL: <http://bind10.isc.org/ticket/1357#comment:9>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list