pub enum Nsec3HashAlgorithm {
SHA1,
}
Available on crate feature
dnssec
only.Expand description
RFC 5155 NSEC3 March 2008
11. IANA Considerations
Although the NSEC3 and NSEC3PARAM RR formats include a hash algorithm
parameter, this document does not define a particular mechanism for
safely transitioning from one NSEC3 hash algorithm to another. When
specifying a new hash algorithm for use with NSEC3, a transition
mechanism MUST also be defined.
This document updates the IANA registry "DOMAIN NAME SYSTEM
PARAMETERS" (https://www.iana.org/assignments/dns-parameters) in sub-
registry "TYPES", by defining two new types. Section 3 defines the
NSEC3 RR type 50. Section 4 defines the NSEC3PARAM RR type 51.
This document updates the IANA registry "DNS SECURITY ALGORITHM
NUMBERS -- per [RFC4035]"
(https://www.iana.org/assignments/dns-sec-alg-numbers). Section 2
defines the aliases DSA-NSEC3-SHA1 (6) and RSASHA1-NSEC3-SHA1 (7) for
respectively existing registrations DSA and RSASHA1 in combination
with NSEC3 hash algorithm SHA1.
Since these algorithm numbers are aliases for existing DNSKEY
algorithm numbers, the flags that exist for the original algorithm
are valid for the alias algorithm.
This document creates a new IANA registry for NSEC3 flags. This
registry is named "DNSSEC NSEC3 Flags". The initial contents of this
registry are:
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| | | | | | | |Opt|
| | | | | | | |Out|
+---+---+---+---+---+---+---+---+
bit 7 is the Opt-Out flag.
bits 0 - 6 are available for assignment.
Assignment of additional NSEC3 Flags in this registry requires IETF
Standards Action [RFC2434].
This document creates a new IANA registry for NSEC3PARAM flags. This
registry is named "DNSSEC NSEC3PARAM Flags". The initial contents of
this registry are:
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| | | | | | | | 0 |
+---+---+---+---+---+---+---+---+
bit 7 is reserved and must be 0.
bits 0 - 6 are available for assignment.
Assignment of additional NSEC3PARAM Flags in this registry requires
IETF Standards Action [RFC2434].
Finally, this document creates a new IANA registry for NSEC3 hash
algorithms. This registry is named "DNSSEC NSEC3 Hash Algorithms".
The initial contents of this registry are:
0 is Reserved.
1 is SHA-1.
2-255 Available for assignment.
Assignment of additional NSEC3 hash algorithms in this registry
requires IETF Standards Action [RFC2434].
Variants§
SHA1
Hash for the Nsec3 records
Implementations§
Source§impl Nsec3HashAlgorithm
impl Nsec3HashAlgorithm
Sourcepub fn from_u8(value: u8) -> Result<Self, ProtoError>
pub fn from_u8(value: u8) -> Result<Self, ProtoError>
Sourcepub fn hash(
self,
salt: &[u8],
name: &Name,
iterations: u16,
) -> Result<Digest, ProtoError>
Available on crate features dnssec-openssl
or dnssec-ring
only.
pub fn hash( self, salt: &[u8], name: &Name, iterations: u16, ) -> Result<Digest, ProtoError>
dnssec-openssl
or dnssec-ring
only.Laurie, et al. Standards Track [Page 14]
RFC 5155 NSEC3 March 2008
Define H(x) to be the hash of x using the Hash Algorithm selected by
the NSEC3 RR, k to be the number of Iterations, and || to indicate
concatenation. Then define:
IH(salt, x, 0) = H(x || salt), and
IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0
Then the calculated hash of an owner name is
IH(salt, owner name, iterations),
where the owner name is in the canonical form, defined as:
The wire format of the owner name where:
1. The owner name is fully expanded (no DNS name compression) and
fully qualified;
2. All uppercase US-ASCII letters are replaced by the corresponding
lowercase US-ASCII letters;
3. If the owner name is a wildcard name, the owner name is in its
original unexpanded form, including the "*" label (no wildcard
substitution);
Trait Implementations§
Source§impl Clone for Nsec3HashAlgorithm
impl Clone for Nsec3HashAlgorithm
Source§fn clone(&self) -> Nsec3HashAlgorithm
fn clone(&self) -> Nsec3HashAlgorithm
Returns a copy of the value. Read more
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source
. Read moreSource§impl Debug for Nsec3HashAlgorithm
impl Debug for Nsec3HashAlgorithm
Source§impl Default for Nsec3HashAlgorithm
impl Default for Nsec3HashAlgorithm
Source§fn default() -> Nsec3HashAlgorithm
fn default() -> Nsec3HashAlgorithm
Returns the “default value” for a type. Read more
Source§impl<'de> Deserialize<'de> for Nsec3HashAlgorithm
impl<'de> Deserialize<'de> for Nsec3HashAlgorithm
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
Source§impl From<Nsec3HashAlgorithm> for u8
impl From<Nsec3HashAlgorithm> for u8
Source§fn from(a: Nsec3HashAlgorithm) -> Self
fn from(a: Nsec3HashAlgorithm) -> Self
Converts to this type from the input type.
Source§impl Hash for Nsec3HashAlgorithm
impl Hash for Nsec3HashAlgorithm
Source§impl PartialEq for Nsec3HashAlgorithm
impl PartialEq for Nsec3HashAlgorithm
Source§impl Serialize for Nsec3HashAlgorithm
impl Serialize for Nsec3HashAlgorithm
impl Copy for Nsec3HashAlgorithm
impl Eq for Nsec3HashAlgorithm
impl StructuralPartialEq for Nsec3HashAlgorithm
Auto Trait Implementations§
impl Freeze for Nsec3HashAlgorithm
impl RefUnwindSafe for Nsec3HashAlgorithm
impl Send for Nsec3HashAlgorithm
impl Sync for Nsec3HashAlgorithm
impl Unpin for Nsec3HashAlgorithm
impl UnwindSafe for Nsec3HashAlgorithm
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
Compare self to
key
and return true
if they are equal.