-
Restrict tried RRSIGs by qry_uid equality. I see no use case against and it could be confusing. (Also rewrite the conditions around to positive form.) An assertion in cache noticed an NSEC with _SECURE rank but no RRSIG (in practice). It was a side-effect of still not keeping RRSIGs with their RRs in some places. It wasn't a security problem, as it doesn't really matter where the signatures came from. Theoretically it might've lead to incorrect caching (missing usable RRSIGs), as cache was restricting qry_uid to match, but that hasn't been noticed in practice.
Restrict tried RRSIGs by qry_uid equality. I see no use case against and it could be confusing. (Also rewrite the conditions around to positive form.) An assertion in cache noticed an NSEC with _SECURE rank but no RRSIG (in practice). It was a side-effect of still not keeping RRSIGs with their RRs in some places. It wasn't a security problem, as it doesn't really matter where the signatures came from. Theoretically it might've lead to incorrect caching (missing usable RRSIGs), as cache was restricting qry_uid to match, but that hasn't been noticed in practice.
To find the state of this project's repository at the time of any of these versions, check out the tags.
Loading