~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2015-12-03	resolved: make expiration error recognizable	Lennart Poettering

2015-12-03	resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithm	Lennart Poettering
	RSASHA1_NSEC3_SHA1 is an alias for RSASHA1, used to do NSEC3 feature negotiation. While verifying RRsets there's no difference, hence support it here.
2015-12-03	resolved: don't accept expired RRSIGs	Lennart Poettering

2015-12-02	resolved: add basic DNSSEC support	Lennart Poettering
	This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet.