The verifier program doesn't work as stated in the
internet draft. Testing took me a lot of time because
off dns-caching so i inserted a low TTL.
I discovered the following:
When you put "g=; k=rsa; t=y; p=fooblahblahkey" in
the dns zone file then everything works nicely.
If you want to use it in a production environment and
decided to leave the "t=y" out then all tests will
fail even if it shouldn't.
I made a few dns query's and checked some of the
selectors of sites who offer the possibility to check
the program. All the sites that have a record without
the "t=y" option will fail the verification.
I do not know if this is only related to version
0.3.2 but at this moment it's not following the draft.
Hope you can do something about it.
Log in to post a comment.