hickory_proto::dnssec::tbs

Function determine_name

Source
pub fn determine_name(name: &Name, num_labels: u8) -> Result<Name, ProtoError>
Available on crate feature dnssec only.
Expand description

RFC 4035, DNSSEC Protocol Modifications, March 2005


5.3.2.  Reconstructing the Signed Data
            ...
            To calculate the name:
               let rrsig_labels = the value of the RRSIG Labels field

               let fqdn = RRset's fully qualified domain name in
                               canonical form

               let fqdn_labels = Label count of the fqdn above.

               if rrsig_labels = fqdn_labels,
                   name = fqdn

               if rrsig_labels < fqdn_labels,
                  name = "*." | the rightmost rrsig_label labels of the
                                fqdn

               if rrsig_labels > fqdn_labels
                  the RRSIG RR did not pass the necessary validation
                  checks and MUST NOT be used to authenticate this
                  RRset.

   The canonical forms for names and RRsets are defined in [RFC4034].