19 Kvě
2018
19 Kvě
'18
23:50
Hello
I am using ecdsap256sha256 as algorithm. Why does the KSK DNSKEY (=257) use as digest type
SHA1 (=1) and not SHA256 (=2)?
For example:
dig DNSKEY nic.cz | grep 257
nic.cz. 871 IN
DNSKEY 257 3 13 LM4zvjUgZi2XZKsYooDE0HFYGfWp242fKB+O8sLsuox8S6MJTowY8lBD
jZD7JKbmaNot3+1H8zU9TrDzWmmHwQ==
dig DNSKEY nic.cz | grep 257 > dnspub.key
jdnssec-dstool dnspub.key
nic.cz. 868 IN DS 61281 13 1
091CECC4D2AADB7AC8C4DF413DDF9C5B0B61E5B6
Regards
dp