Skip to content
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

test 'Serial Number arithmetic' edge cases involving RRSIG's {inception,expiration} fields #60

Open
japaric opened this issue May 15, 2024 · 0 comments
Labels
dnssec Conformance to DNSSEC RFCs

Comments

@japaric
Copy link
Collaborator

japaric commented May 15, 2024

validating a RRSIG involves comparing the current time (seconds since UNIX_EPOCH) against the {inception,expiration} fields of the RRSIG (see section 5.3.1 of RFC4035). Section 3.1.5 of RFC4034 indicates that the {inception,expiration} are not plain unsigned-integers but rather 'Serial Numbers' whose comparison logic in specified in RFC1982.

we should test what the behavior of other DNS implementations is when the value of these 32-bit {inception,expiration} fields is 1 << 31 seconds beyond UNIX_EPOCH, 1 << 32 seconds beyond UNIX_EPOCH and even beyond that.

@japaric japaric added the dnssec Conformance to DNSSEC RFCs label May 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dnssec Conformance to DNSSEC RFCs
Projects
None yet
Development

No branches or pull requests

1 participant