This repository has been archived by the owner on Jun 7, 2024. It is now read-only.
test 'Serial Number arithmetic' edge cases involving RRSIG's {inception,expiration}
fields
#60
Labels
dnssec
Conformance to DNSSEC RFCs
validating a RRSIG involves comparing the current time (seconds since UNIX_EPOCH) against the
{inception,expiration}
fields of the RRSIG (see section 5.3.1 of RFC4035). Section 3.1.5 of RFC4034 indicates that the{inception,expiration}
are not plain unsigned-integers but rather 'Serial Numbers' whose comparison logic in specified in RFC1982.we should test what the behavior of other DNS implementations is when the value of these 32-bit
{inception,expiration}
fields is1 << 31
seconds beyond UNIX_EPOCH,1 << 32
seconds beyond UNIX_EPOCH and even beyond that.The text was updated successfully, but these errors were encountered: