From: Phil Pennock <pdp@exim.org>
Date: Thu, 27 Oct 2016 06:12:07 +0000 (-0400)
Subject: Drop Ed25519 SSHFP records
X-Git-Url: https://git.exim.org/exim-dns.git/commitdiff_plain

Drop Ed25519 SSHFP records
---

diff --git a/exim.org.lua b/exim.org.lua
index cb557b9..c81c431 100644
--- a/exim.org.lua
+++ b/exim.org.lua
@@ -61,8 +61,10 @@ sshfp('hummus', 2, '0b85b8f17ecafcfb0f2d4beae9d74bf37113daac', 1, ttl)
 sshfp('hummus', 2, '2048f5b5ed4471cca229e304c0f8ff166823697504d2d3a28f38f11dac80e1fe', 2, ttl)
 sshfp('hummus', 3, 'd8a0078138279834a2dae8ce9eb408671ba88045', 1, ttl)
 sshfp('hummus', 3, '20fb937eb9b87aec566dff0a97b31963a3f5dd7cbba9e205574ebc676e842dff', 2, ttl)
-sshfp('hummus', 4, '6c6eaf95c8242ea53791942717b0ed40e9e5db92', 1, ttl)
-sshfp('hummus', 4, 'bf4b9376f5fffe2b59a0948638df3b4d77d02da2cb8c44cbc90d0bf174f22e5e', 2, ttl)
+-- 2016-10-27: apparently LuaDNS needlessly "validate" by checking the algorithms against an outdated whitelist,
+--             such that we can't have the Ed25519 fingerprints from RFC7479 (March 2015).
+-- sshfp('hummus', 4, '6c6eaf95c8242ea53791942717b0ed40e9e5db92', 1, ttl)
+-- sshfp('hummus', 4, 'bf4b9376f5fffe2b59a0948638df3b4d77d02da2cb8c44cbc90d0bf174f22e5e', 2, ttl)
 
 -- Google Gmail Postmaster Tools (this one for Phil):
 cname('nwkjs7zfnln6',	'gv-3umn6e3uwnaqo5.dv.googlehosted.com',	ttl)