20 Kvě
2018
20 Kvě
'18
0:16
On 05/19/2018 11:50 PM, dptrash(a)arcor.de wrote:
I am using ecdsap256sha256 as algorithm. Why does the
KSK DNSKEY > (=257) use as digest type SHA1 (=1) and not SHA256 (=2)?
Technically, the DNSKEY algorithm is independent of the DS algorithm
used on it, I believe, though some combinations make less sense than
others. Your example seems more of a question for jdnssec-tools - why
they choose SHA1 and not another one.
--Vladimir