Net::DNS::SEC 1.09 released

Dear all,

We are pleased to announce the 1.09 release of Net::DNS::SEC.

Code has been reworked to anticipate the proposed removal of some features in future versions of OpenSSL, but is otherwise functionally identical to 1.08.

Test scripts have been modified to avoid filename conflicts which arise when tests are executed in parallel.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.09.tar.gz
sha256 58eee69f494bc8157ad7cc043737404090ab0e557600c7e556a1f6422b8808c6
asc https://www.net-dns.org/download/Net-DNS-SEC-1.09.tar.gz.asc

Net::DNS::SEC 1.08 released

Dear all,

I am pleased to announce the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.08.tar.gz
sha256 996d4e8dfa0c810221e87f5d290ee12098bb38dd37e9b3fb6276f3b19627d57b
asc https://www.net-dns.org/download/Net-DNS-SEC-1.08.tar.gz.asc

Release candidate for Net::DNS::SEC 1.08

Dear all,

We have a candidate for the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Friday the 11th of May 2018.

link https://www.net-dns.org/download/Net-DNS-SEC-1.07_02.tar.gz
sha256 60c80b5b0052424f348324bd14e024e852d5962845debf98c8b28a6d7fbf4a20
asc https://www.net-dns.org/download/Net-DNS-SEC-1.07_02.tar.gz.asc

Net::DNS::SEC 1.07 released

Dear all,

I am pleased to anounce the 1.07 release of Net::DNS::SEC.

During the hackathon at IETF101, we worked on validating and signing with the Ed25519 and Ed448 curves (algorithm 15 and 16) using OpenSSL’s official EVP interface. Unfortunately, the at the time available version 1.1.1-pre2 of OpenSSL was not yet completely ready for this, resulting in a *Epic fail* of our project! However, the foundation had been laid, and since then 1.1.1-pre3 and 1.1.1-pre4 have been released which do offer working support for the Edwards curves via the EVP interface.

This release contains a definite Net::DNS::SEC implementation of validating and signing with the Ed25519 and Ed488 curves when building against OpenSSL version 1.1.1-pre3 or higher. We believe this is the first main-stream “consumer” DNS library that offers both signing and validation for both the RFC8080 Edward-curves.

Besides the curve support, this release has also a single bugfix, to let Net::DNS::SEC install in architecture/build- dependent location.

For a complete list of changes and bugfixes see the CHANGES file.

link http://www.net-dns.org/download/Net-DNS-SEC-1.07.tar.gz
sha256 39e92aae3d354007583843aa6b24ab74e8725c09ba952a87084529b5229aee94
asc http://www.net-dns.org/download/Net-DNS-SEC-1.07.tar.gz.asc

Net::DNS::SEC 1.05 Released

Dear all,

I’m pleased to announce a new release, version 1.05 of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.05.tar.gz
sha256 1e4cb2575b4d25a3bd9d0b20ed9db2464baacc22f315012a2ad5375574644b2e
asc https://www.net-dns.org/download/Net-DNS-SEC-1.05.tar.gz.asc

Release candidate for Net::DNS::SEC 1.05

Dear all,

We have a candidate for the 1.05 release of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Tuesday the 20th of March 2018.

link http://www.net-dns.org/download/Net-DNS-SEC-1.04_04.tar.gz
sha256 68398915227a93e891e3eb7979dad82457dd454c6a25299d8c2813915f98b31d
asc http://www.net-dns.org/download/Net-DNS-SEC-1.04_04.tar.gz.asc

Net::DNS::SEC 1.04 Released

Dear all,

We have a new release version 1.04 of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

link https://www.net-dns.org/download/Net-DNS-SEC-1.04.tar.gz
sha256 5b8a6559c9e07abdb9e9a829351afd465478a63c6a7f57c57f54bbd1d1ccf8d2
asc https://www.net-dns.org/download/Net-DNS-SEC-1.04.tar.gz.asc

Net::DNS 1.15 Released

Dear all,

We have a new release version 1.15 of Net::DNS.

This release has no bugs resolved nor any new features. Besides some minor code maintenance, this release only adds a Change notice to formalize the retirement of the GOST R 34.11-94 hash algorithm. However, the GOST algorithm will still work when a functional Digest::GOST module is present.

See also the Changes file.

link https://www.net-dns.org/download/Net-DNS-1.15.tar.gz
sha256 1ad46ba6438b846a94b4f50d53ecfda55f504a17e11b94effb087ff9329e61d0
asc https://www.net-dns.org/download/Net-DNS-1.15.tar.gz.asc

Regression test results: https://www.net-dns.org/regression

Release candidate for Net::DNS::SEC 1.04

Dear all,

We have a candidate for the 1.04 release of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

This is a non trivial architectural change. Therefore we ask you to review this candidate extra thoroughly. If no issues arise, the actual release will follow Wednesday the 14 February 2018.

For a complete list of changes and bugfixes see the CHANGES file.

link http://www.net-dns.org/download/Net-DNS-SEC-1.03_08.tar.gz
sha256 13e95d088786f58a17deaae0bb10e7e11c8aed2c8d63c71bd3d463ea5ae350c3
asc http://www.net-dns.org/download/Net-DNS-SEC-1.03_08.tar.gz.asc

Fast track release candidate for Net::DNS 1.15

Dear all,

We have a candidate for the fast track release of Net::DNS 1.15.

This release has no bugs resolved nor any new features. Besides some minor code maintenance, this release only adds a Change notice to formalize the retirement of the GOST R 34.11-94 hash algorithm. However, the GOST algorithm will still work when a functional Digest::GOST module is present.

See also the Changes file.

Actual release will follow Friday 9 February 2018.

link https://www.net-dns.org/download/Net-DNS-1.14_02.tar.gz
sha256 ba1cf328c165a9164e9d9587085882d38e717eb64c79ad72422da895481bd654
asc https://www.net-dns.org/download/Net-DNS-1.14_02.tar.gz.asc

Regression test results: https://www.net-dns.org/regression