resolved: reduce the maximum nsec3 iterations to 100
author Ronan Pigott <ronan@rjp.ie>
Sun, 25 Feb 2024 07:23:32 +0000 (00:23 -0700)
committer Carlos Henrique Lima Melara <charlesmelara@riseup.net>
Thu, 26 Jun 2025 00:44:53 +0000 (21:44 -0300)
commit 6a6c6b2e6addc47c8c7bc68d28e4a4c9be099712
tree 64732e7b185863da9b238161d5aef61891848565
parent 9c088283d2609e82789e6e08c1b408250f3e1f58
resolved: reduce the maximum nsec3 iterations to 100

According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.

Gbp-Pq: Name 0003-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch
src/resolve/resolved-dns-dnssec.c
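
The cost the commit message refers to, as an added example (not code from systemd or from this patch): an RFC 5155 NSEC3 hash is one SHA-1 call plus one more per iteration, so the iteration count published by a zone directly sets the work a validator does per hashed name. The constant and function names are hypothetical, and raising an error above the cap is this example's own policy, assumed for illustration.

```python
import base64
import hashlib

# Hypothetical names; 100 and 2500 are the new and old limits named in the commit.
MAX_ITERATIONS = 100
OLD_MAX_ITERATIONS = 2500

# Map the standard base32 alphabet to base32hex (RFC 4648), lowercased
# the way NSEC3 owner names are usually displayed.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")


def wire_name(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of an ASCII domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def sha1_calls(iterations: int) -> int:
    """SHA-1 invocations for one NSEC3 hash: the initial hash plus each iteration."""
    return iterations + 1


def nsec3_hash(name: str, salt: bytes, iterations: int,
               limit: int = MAX_ITERATIONS) -> str:
    """RFC 5155 hash of `name`, refusing iteration counts above `limit`.

    Rejecting with an exception is an assumption of this example; a real
    validator decides for itself how to treat such a zone.
    """
    if iterations > limit:
        raise ValueError(f"NSEC3 iterations {iterations} exceed limit {limit}")
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode("ascii")


if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")  # parameters of the RFC 5155 Appendix A sample zone
    print(nsec3_hash("example", salt, 12))
    print("SHA-1 calls per name at old cap:", sha1_calls(OLD_MAX_ITERATIONS))
    print("SHA-1 calls per name at new cap:", sha1_calls(MAX_ITERATIONS))
    try:
        nsec3_hash("example", salt, OLD_MAX_ITERATIONS)
    except ValueError as err:
        print("rejected:", err)
```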