Support key rollover in IANA trust anchors #85

Open
gnarea opened this issue Nov 23, 2022 · 0 comments
Labels
enhancement New feature or request

gnarea commented Nov 23, 2022

Describe the problem

Trust anchors currently don't have a "validity period", which means that next time IANA initiates a key rollover and we include the new DS RDATA in newer versions of this library, the old DS may eventually remain valid past its expiry in apps running old versions of this library.

Describe the solution you'd like

Add optional inceptionDate and expiryDate fields to our TrustAnchor, and use them:

export interface TrustAnchor {
  readonly keyTag: number;
  readonly algorithm: DnssecAlgorithm;
  readonly digestType: DigestType;
  readonly digest: Buffer;
}

Additional context

I don't think I've seen this feature in other DNSSEC implementations. dnsjava definitely doesn't support it.

@gnarea gnarea added the enhancement New feature or request label Nov 23, 2022
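
One way the proposed optional fields could be applied when selecting trust anchors, as an added example that is not part of the original issue or the library's code. `isTrustAnchorValid`, `usableKeyTags`, the `number` stand-ins for the enums, and all key tags, digests and dates are assumptions constructed for illustration.

```typescript
// Stand-ins for the library's DnssecAlgorithm and DigestType enums (assumption).
type DnssecAlgorithm = number;
type DigestType = number;

// Interface from the issue plus the two proposed optional fields.
interface TrustAnchor {
  readonly keyTag: number;
  readonly algorithm: DnssecAlgorithm;
  readonly digestType: DigestType;
  readonly digest: Uint8Array; // Buffer in the issue; Buffer is a Uint8Array subclass
  readonly inceptionDate?: Date;
  readonly expiryDate?: Date;
}

// Hypothetical helper: true if the anchor may be trusted at the instant `at`.
// A missing bound is open-ended, so anchors without dates behave as they do today.
function isTrustAnchorValid(anchor: TrustAnchor, at: Date): boolean {
  const t = at.getTime();
  if (Number.isNaN(t)) {
    throw new Error('Invalid reference date'); // fail closed on a bad clock value
  }
  if (anchor.inceptionDate && t < anchor.inceptionDate.getTime()) return false;
  if (anchor.expiryDate && anchor.expiryDate.getTime() < t) return false;
  return true;
}

// Hypothetical helper: key tags of the anchors usable at `at`.
function usableKeyTags(anchors: readonly TrustAnchor[], at: Date): number[] {
  return anchors.filter((a) => isTrustAnchorValid(a, at)).map((a) => a.keyTag);
}

// Constructed sample data modelling a rollover with an overlap period.
const SAMPLE_ANCHORS: readonly TrustAnchor[] = [
  {
    keyTag: 11111, // outgoing key (constructed)
    algorithm: 8,
    digestType: 2,
    digest: new Uint8Array(32).fill(0xaa),
    inceptionDate: new Date('2010-01-01T00:00:00Z'),
    expiryDate: new Date('2019-01-01T00:00:00Z'),
  },
  {
    keyTag: 22222, // incoming key (constructed), no expiry announced yet
    algorithm: 8,
    digestType: 2,
    digest: new Uint8Array(32).fill(0xbb),
    inceptionDate: new Date('2017-01-01T00:00:00Z'),
  },
];
```

With these dates, an app pinned to an old release stops accepting key tag 11111 after 2019-01-01 even though the anchor is still compiled into it.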