Open halderen opened 8 years ago
Decided by steeringcmte on 2017-01-19 to more issue into icebox because of above concerns.
This regards the website and mail test. See: https://tools.ietf.org/html/rfc8624
See also #184
Example where a warning/info would be nice:
Use of algo 10 https://dnsviz.net/d/mijn.overheid.nl/ZKfLWg/dnssec/ https://internet.nl/site/mijn.overheid.nl/2197432/#control-panel-6
There's an RFC for that:
@gthess Could Unbound provide information on the algorithm used?
The information is in the DNS, you can make a query (to Unbound) for the DNSKEYs for example. And then check the printed RDATA. Similar to what is being done for the DANE test IIRC.
However when displaying algorithm, bits, etcetera, this probably needs to be explained to end-users. How to properly explain this (with how much better/worse with pros and cons) to laymen?