Function trust_dns_proto::rr::dnssec::tbs::determine_name
source · [−]pub fn determine_name(name: &Name, num_labels: u8) -> Result<Name, ProtoError>
This is supported on crate feature
dnssec
only.Expand description
RFC 4035, DNSSEC Protocol Modifications, March 2005
5.3.2. Reconstructing the Signed Data
...
To calculate the name:
let rrsig_labels = the value of the RRSIG Labels field
let fqdn = RRset's fully qualified domain name in
canonical form
let fqdn_labels = Label count of the fqdn above.
if rrsig_labels = fqdn_labels,
name = fqdn
if rrsig_labels < fqdn_labels,
name = "*." | the rightmost rrsig_label labels of the
fqdn
if rrsig_labels > fqdn_labels
the RRSIG RR did not pass the necessary validation
checks and MUST NOT be used to authenticate this
RRset.
The canonical forms for names and RRsets are defined in [RFC4034].