X-RT-Original-Encoding: utf-8
Content-Disposition: inline
In-Reply-To: <rt-4.4.1-30411-1504144694-956.44755-0-0@isc.org>
X-Mailer: MIME-tools 5.508 (Entity 5.508)
Message-ID: <rt-4.4.1-4791-1505779405-1011.44755-0-0@isc.org>
References: <rt-4.2.8-35031-1487953106-1444.0-0-0@isc.org>
 <RT-Ticket-44755@isc.org>
 <rt-4.4.1-30411-1504144694-956.44755-0-0@isc.org>
Content-Type: text/plain; charset="utf-8"
X-RT-Interface: Web
MIME-Version: 1.0
Content-Transfer-Encoding: binary
RT-Send-CC:
Content-Length: 976

Looks fine to me. resolving.


On Wed Aug 30 18:58:15 2017, each wrote:
> 4594.   [func]          dnssec-keygen no longer uses RSASHA1 by default;
>                         the signing algorithm must be specified on
>                         the command line with the "-a" option.  Signing
>                         scripts that rely on the existing default behavior
>                         will break; use "dnssec-keygen -a RSASHA1" to
>                         repair them. (The goal of this change is to make
>                         it easier to find scripts using RSASHA1 so they 
>                         can be changed in the event of that algorithm 
>                         being deprecated in the future.) [RT #44755]
> 
> 9.12.0
> 
> This necessitated changing a number of system tests that used dnssec-keygen
> with the default algorithm, so I'm putting this ticket in the qa queue to
> make sure those changes were all correct. There were no new tests added.