Zitat von Paul Wouters <paul at xelerance.com>: > On Tue, 9 Nov 2010, lst_hoe02 at kwsoft.de wrote: > >> Is GOST a supported cipher for DNSSEC or will it be some time in the future? > > It's fully suported in the RFC's includig its algorithm number. I guess a validating resolver is supposed to treat results as unsigned/unsecure if it find a algorithm it can not process? >> As far as i can see it is only available in openssl 1.x or newer >> and for the next few years this will probably not be the standard >> on Unix. So most of us have to use "--disable-gost" anyway... > > I have not yet packaged things up, but I assume there is detection > in ./configure > for this. Yes that's how i noticed.. > Red Hat strips out all ECC related routines in openssl, so even on > rhel/centos 6 > there will be no gost if using the stock openssl package. I'm > looking at seeing > if it is possible to add a sub package (openssl-gost) that just has the gost > engine, but that will require some time to see how compatible that > is with the > "stripping" used in Red Hat. That's why software patents are bad as hell.... Regards Andreas