Commit 60a0b6c5 authored by Daniel Salzman's avatar Daniel Salzman

conf: tune DNSSEC algorithm names

parent 9e856930
......@@ -487,7 +487,7 @@ policy:
\- id: STR
keystore: STR
manual: BOOL
algorithm: dsa | rsasha1 | dsansec3sha1 | rsasha1nsec3sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
algorithm: dsa | rsasha1 | dsa\-nsec3\-sha1 | rsasha1\-nsec3\-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
ksk\-size: SIZE
zsk\-size: SIZE
dnskey\-ttl: TIME
......@@ -521,17 +521,17 @@ If enabled, automatic key management is not used.
.sp
An algorithm of signing keys and issued signatures.
.sp
\fIDefault:\fP ECDSA\-P256\-SHA256
\fIDefault:\fP ecdsap256sha256
.SS ksk\-size
.sp
A length of newly generated KSK keys.
.sp
\fIDefault:\fP 256 (algorithm dependent)
\fIDefault:\fP 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256*), 384 (ecdsap384*)
.SS zsk\-size
.sp
A length of newly generated ZSK keys.
.sp
\fIDefault:\fP 256 (algorithm dependent)
\fIDefault:\fP see default for \fI\%ksk\-size\fP
.SS dnskey\-ttl
.sp
A TTL value for DNSKEY records added into zone apex.
......
......@@ -545,7 +545,7 @@ DNSSEC policy configuration.
- id: STR
keystore: STR
manual: BOOL
algorithm: dsa | rsasha1 | dsansec3sha1 | rsasha1nsec3sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
algorithm: dsa | rsasha1 | dsa-nsec3-sha1 | rsasha1-nsec3-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
ksk-size: SIZE
zsk-size: SIZE
dnskey-ttl: TIME
......@@ -591,7 +591,7 @@ algorithm
An algorithm of signing keys and issued signatures.
*Default:* ECDSA-P256-SHA256
*Default:* ecdsap256sha256
.. _policy_ksk-size:
......@@ -600,7 +600,7 @@ ksk-size
A length of newly generated :abbr:`KSK (Key Signing Key)` keys.
*Default:* 256 (algorithm dependent)
*Default:* 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256*), 384 (ecdsap384*)
.. _policy_zsk-size:
......@@ -609,7 +609,7 @@ zsk-size
A length of newly generated :abbr:`ZSK (Zone Signing Key)` keys.
*Default:* 256 (algorithm dependent)
*Default:* see default for :ref:`ksk-size<policy_ksk-size>`
.. _policy_dnskey-ttl:
......
......@@ -60,8 +60,8 @@ static const knot_lookup_t tsig_key_algs[] = {
static const knot_lookup_t dnssec_key_algs[] = {
{ DNSSEC_KEY_ALGORITHM_DSA_SHA1, "dsa" },
{ DNSSEC_KEY_ALGORITHM_RSA_SHA1, "rsasha1" },
{ DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3, "dsansec3sha1" },
{ DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3, "rsasha1nsec3sha1" },
{ DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3, "dsa-nsec3-sha1" },
{ DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3, "rsasha1-nsec3-sha1" },
{ DNSSEC_KEY_ALGORITHM_RSA_SHA256, "rsasha256" },
{ DNSSEC_KEY_ALGORITHM_RSA_SHA512, "rsasha512" },
{ DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256, "ecdsap256sha256" },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment