algorithm
Click on the red underlined text to get to the source
... RRset using at least one DNSKEY of
each algorithm in the zone apex DNSKEY RRset. The apex DNSKEY ...
... the name server is authoritative for the zone that would have held
the non-existent RRsets matching SNAME. The algorithm below is
written for clarity, not for efficiency.
...
... proves that no RRsets exist with owner name N.
The algorithm for finding the NSEC RR that proves that a given name
is not covered by any applicable wildcard ...
... is not covered by any applicable wildcard is similar but requires an
extra step. More precisely, the algorithm for finding the NSEC
proving that no RRsets exist with the applicable wildcard ...
... proving that no RRsets exist with the applicable wildcard name is
precisely the same as the algorithm for finding the NSEC RR that
proves that RRsets with any other owner name do not exist. The part
...
... wildcard name as part of step (1)(c) of the normal
lookup algorithm described in Section 4.3.2 of [RFC1034].
...
... DNSKEY RR. Use of a strong cryptographic digest
algorithm ensures that it is computationally infeasible for an
adversary to generate a DNSKEY RR that matches the digest. Thus,
...
... DNSKEY RR's owner name and RDATA are hashed
using the digest algorithm specified in the DS RR's Digest Type
...
... child zone.
If the validator does not support any of the algorithms listed in an
authenticated DS ...
... RRset does not exist.
If the resolver does not support any of the algorithms listed in an
authenticated DS ...
... o The RRSIG RR's Signer's Name, Algorithm, and Key Tag fields MUST
match the owner name, algorithm ...
... Algorithm, and Key Tag fields MUST
match the owner name, algorithm, and key tag for some DNSKEY RR in
...
... RRset.
The Algorithm field in the RRSIG RR identifies the cryptographic
algorithm used to generate the signature ...
... The Algorithm field in the RRSIG RR identifies the cryptographic
algorithm used to generate the signature. The signature itself is
...
... DNSKEY RR(s) (found in Section 5.3.1). [RFC4034]
provides a list of algorithm types and provides pointers to the
documents that define each algorithm's use.
...
... provides a list of algorithm types and provides pointers to the
documents that define each algorithm's use.
Note that it is possible for more than one DNSKEY RR ...
... RRset was signed by an
"example" DNSKEY with algorithm 5 and key tag 38519. The resolver
needs the corresponding DNSKEY RR ...
... RRSIG included in the response.
If multiple "example" DNSKEY RRs match this algorithm and key tag,
then each DNSKEY RR ...