This repository has been archived by the owner on Jun 7, 2024. It is now read-only.
test 'Serial Number arithmetic' edge cases involving RRSIG's {inception,expiration} fields
#60
Labels
dnssec
Conformance to DNSSEC RFCs
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
validating a RRSIG involves comparing the current time (seconds since UNIX_EPOCH) against the
{inception,expiration}fields of the RRSIG (see section 5.3.1 of RFC4035). Section 3.1.5 of RFC4034 indicates that the{inception,expiration}are not plain unsigned-integers but rather 'Serial Numbers' whose comparison logic in specified in RFC1982.we should test what the behavior of other DNS implementations is when the value of these 32-bit
{inception,expiration}fields is1 << 31seconds beyond UNIX_EPOCH,1 << 32seconds beyond UNIX_EPOCH and even beyond that.The text was updated successfully, but these errors were encountered: