[DNSSEC-Transparency] Test data wanted
linus at nordu.net
Mon Feb 8 17:05:15 CET 2016
I'm ready to start testing some code. In order to save some time, I'm
asking the list for test data.
I suggest that we define "Inputs" for our newly invented "add-ds-rr"
HTTP entry-point (similar to RFC6962 section 4.1) like this:
chain: An array of base64-encoded RRsets in DNS wire format. The first
element is a single DS RR to be added to the log. The next element is
an RRSIG RR for the DS RR. After that follows all the RRsets necessary
to validate the DS RR up to a known root. The RR types allowed are
DNSKEY, RRSIG and DS.
Now please tell me where this will fail. :)
Or provide me with a chain like described above for a DS record of your
choice that's valid using the DNSSEC root as a known root.
More information about the DNSSEC-Transparency