validate: don't chase non-sensical signers (!1022) · Merge requests · Knot projects / Knot Resolver

Vladimír Čunát requested to merge validate-signer-bailiwick into master Jul 13, 2020

When signer name isn't a prefix of owner, the signature does not make sense and it's no use trying to use that signer name in any way.

We generally don't force queries on every level of the path, so this signer confusion could "introduce SERVFAILs" if we skip over a transition to insecure.

Fixes: #587 (closed)

Edited Jul 13, 2020 by Vladimír Čunát

Admin message

Admin message

validate: don't chase non-sensical signers

Merge request reports