Commit 7b5545b8 authored by Daniel Salzman's avatar Daniel Salzman

doc: remove DSA algorithm

parent b86ae37d
......@@ -33,8 +33,6 @@ support.
- RSA 1024-bit
- RSA 2048-bit
- RSA 4096-bit
- DSA 512-bit
- DSA 1024-bit
* - `Feitian ePass 2003 <http://www.ftsafe.com/product/epass/epass2003>`_
- |yes|
- |no|
......@@ -44,8 +42,6 @@ support.
- |yes|
- |yes|
- |no|
- |no|
- |no|
* - `SafeNet Network HSM (Luna SA 4) <http://www.safenet-inc.com/data-encryption/hardware-security-modules-hsms/luna-hsms-key-management/luna-sa-network-hsm/>`_
- |yes|
- |no|
......@@ -55,8 +51,6 @@ support.
- |yes|
- |yes|
- |yes|
- |no|
- |no|
* - `SoftHSM 2.0 <https://www.opendnssec.org/softhsm/>`_
- |yes|
- |yes|
......@@ -66,8 +60,6 @@ support.
- |yes|
- |yes|
- |yes|
- |yes|
- |yes|
* - `Trustway Proteccio NetHSM <http://www.bull.com/fr/cybers%C3%A9curit%C3%A9-trustway-proteccio-nethsm>`_
- |yes|
- ECDSA only
......@@ -77,8 +69,6 @@ support.
- |yes|
- |yes|
- |yes|
- |no|
- |no|
.. in progress: key ID checks have to be disabled in code
* - `Yubikey NEO <https://www.yubico.com/products/yubikey-hardware/yubikey-neo/>`_
......@@ -90,8 +80,6 @@ support.
- |yes|
- |yes|
- |no|
- |no|
- |no|
The following table summarizes supported DNSSEC algorithm numbers and minimal
GnuTLS library version required. Any algorithm may work with older library,
......@@ -113,6 +101,3 @@ however the supported operations may be limited (e.g. private key import).
* - RSA
- 5, 7, 8, 10
- 3.4.6 or newer
* - DSA
- 3, 6
- 3.4.10 or newer
......@@ -548,7 +548,7 @@ policy:
keystore: STR
manual: BOOL
single\-type\-signing: BOOL
algorithm: dsa | rsasha1 | dsa\-nsec3\-sha1 | rsasha1\-nsec3\-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
algorithm: rsasha1 | rsasha1\-nsec3\-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
ksk\-size: SIZE
zsk\-size: SIZE
ksk\-shared: BOOL
......@@ -612,7 +612,7 @@ Ed25519 algorithm is only available when compiled with GnuTLS 3.6.0+.
A length of newly generated KSK or
CSK keys.
.sp
\fIDefault:\fP 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
\fIDefault:\fP 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
.SS zsk\-size
.sp
A length of newly generated ZSK keys.
......
......@@ -622,7 +622,7 @@ DNSSEC policy configuration.
keystore: STR
manual: BOOL
single-type-signing: BOOL
algorithm: dsa | rsasha1 | dsa-nsec3-sha1 | rsasha1-nsec3-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
algorithm: rsasha1 | rsasha1-nsec3-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
ksk-size: SIZE
zsk-size: SIZE
ksk-shared: BOOL
......@@ -698,7 +698,7 @@ ksk-size
A length of newly generated :abbr:`KSK (Key Signing Key)` or
:abbr:`CSK (Combined Signing Key)` keys.
*Default:* 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
*Default:* 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
.. _policy_zsk-size:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment