The SSHFP record interface only supports fingerprint type 1 (SHA-1) - it would be pretty great to also support FP 2 (which is SHA-256).
It also only supports algorithms 1 (RSA) and 2 (DSA). It would likewise be nice to support algorithms 3 (ECDSA) and 4 (Ed25519).
These supplements to SSHFP are described at https://tools.ietf.org/html/rfc6594 and http://www.iana.org/go/rfc7479
Thanks!
Improve SSHFP record support
Re: Improve SSHFP record support
The PowerDNS docs only reference RFC 4255, so I can't say right now without checking the source code if it'll allow more than that or not.
Seth Mattinen, Roller Network LLC
Re: Improve SSHFP record support
I just took a look through the PowerDNS source code at https://github.com/PowerDNS/pdns/search?q=sshfp
PowerDNS doesn't do any checking on the algorithm or fptype fields of the SSHFP records - it simply requires them to be integers.
I also contacted PowerDNS and asked them to add RFC 6594 and RFC 7479 to their compliance page at https://www.powerdns.com/compliance.html
Thanks!
Re: Improve SSHFP record support
*bump*
This seems like it should be a really easy change to make... just add a couple new options to the drop down
Re: Improve SSHFP record support
This really does seem super simple. Can you please make this improvement?
Re: Improve SSHFP record support
I'm looking at our code for SSHFP type and it appears this is already done as far as the ACC is concerned (last change date is Dec. 4, 2016). Is it not working?
Seth Mattinen, Roller Network LLC
Re: Improve SSHFP record support
I never noticed the change was done...I stopped checking
Thanks!
~Craig