thebluematt / dnssec-prover
License: Other
Wildcard records require a non-existence proof (either NSEC or NSEC3) to prove no exact match exists, which is not included in the AuthenticationChain created by this library. Standard DNSSEC validators would consider such chains bogus.
Let's say I want secret.buffrr.dev to use some certificate while everything else under *.buffrr.dev uses another certificate. I could add the following records to my zone:
_443._tcp.secret.buffrr.dev TLSA ....
*.buffrr.dev TLSA ....
Using the validator in this library, I could fool it into accepting the TLSA record labelled *.buffrr.dev for _443._tcp.secret.buffrr.dev while a standard DNSSEC validator would not. If an RRSIG is covering a wildcard (determined by number of labels), then NSECs or NSEC3s are required in the AuthenticationChain to prove no exact match exists.
Since this BIP requires following the RFC, I would suggest either fixing it or perhaps reconsidering support for wildcard records. Otherwise, it won't be compatible with all the validators out there unless every integration of the BIP uses this exact implementation.
I appreciate the effort put into developing this library and making it generic enough for other use cases. I just gave it a quick pass but will try to go deeper once I have some time, since I'm considering it for other projects. Btw, RFC-9102 includes some test vectors in the appendix that might be helpful.
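The label-count check the issue above refers to, as an added example that is not part of the original issue or of dnssec-prover's code: a validator compares the RRSIG Labels field (RFC 4034 section 3.1.3) with the owner name's label count and, when the field is smaller, treats the answer as wildcard-expanded and requires NSEC or NSEC3 records as well (RFC 4035 section 5.3.4). The function and type names are hypothetical, and names are assumed to be presentation-format text without escaped dots.

```rust
/// Result of comparing an RRset owner name with its RRSIG Labels field.
#[derive(Debug, PartialEq)]
enum WildcardCheck {
    /// Label counts match: the RRset was not synthesized from a wildcard.
    Exact,
    /// The answer was expanded from `source`; the proof must also carry
    /// NSEC or NSEC3 records showing that no closer match exists.
    Expanded { source: String },
    /// Labels field is larger than the owner name allows: reject the RRSIG.
    Invalid,
}

fn check_wildcard(owner: &str, rrsig_labels: u8) -> WildcardCheck {
    // Split into labels, dropping the root label.
    let labels: Vec<&str> = owner
        .trim_end_matches('.')
        .split('.')
        .filter(|l| !l.is_empty())
        .collect();
    // A leading "*" is not counted by the Labels field.
    let counted = labels.len() - (labels.first() == Some(&"*")) as usize;
    let want = rrsig_labels as usize;
    if want > counted {
        return WildcardCheck::Invalid;
    }
    if want == counted {
        return WildcardCheck::Exact;
    }
    // Wildcard source = "*" + the rightmost `want` labels of the owner name.
    let tail = labels[labels.len() - want..].join(".");
    let source = if tail.is_empty() { "*.".to_string() } else { format!("*.{}.", tail) };
    WildcardCheck::Expanded { source }
}

fn main() {
    // Constructed inputs based on the names used in the issue.
    for (owner, labels) in [
        ("_443._tcp.secret.buffrr.dev.", 5u8), // signed at its own name
        ("_443._tcp.secret.buffrr.dev.", 2u8), // signed as *.buffrr.dev
        ("*.buffrr.dev.", 2u8),                // the wildcard RR itself
    ] {
        println!("{owner} labels={labels} -> {:?}", check_wildcard(owner, labels));
    }
}
```

An `Expanded` result is not a failure by itself; it means the signature alone is insufficient and the chain has to include the non-existence proof for the queried name.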