Make wording more intuitive

author: Casey Deccio <casey@deccio.net> 2021-01-08 06:21:27 +0300
committer: Casey Deccio <casey@deccio.net> 2021-01-09 03:07:33 +0300
commit: d5c8fda453a9355280f18a2de0dee68e79133415 (patch)
tree: 80a7754c6b3a383b5a2b248dd21f1212c24362cf
parent: 8f4080c53cf7fe10b0a8eac59e94a796ab3d99fb (diff)
3 files changed, 20 insertions, 20 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py
index 27a21ce..b01b342 100644
--- a/dnsviz/analysis/errors.py
+++ b/dnsviz/analysis/errors.py
@@ -252,9 +252,9 @@ class AlgorithmNotSupported(RRSIGError):
         super(AlgorithmNotSupported, self).__init__(**kwargs)
         self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
 
-class AlgorithmMustNotValidate(RRSIGError):
+class AlgorithmValidationProhibited(RRSIGError):
     '''
-    >>> e = AlgorithmMustNotValidate(algorithm=5)
+    >>> e = AlgorithmValidationProhibited(algorithm=5)
     >>> e.args
     [5]
     >>> e.description
@@ -262,13 +262,13 @@ class AlgorithmMustNotValidate(RRSIGError):
     '''
 
     _abstract = False
-    code = 'ALGORITHM_MUST_NOT_VALIDATE'
+    code = 'ALGORITHM_VALIDATION_PROHIBITED'
     description_template = "DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)."
     references = ['RFC 8624, Sec. 3.1']
     required_params = ['algorithm']
 
     def __init__(self, **kwargs):
-        super(AlgorithmMustNotValidate, self).__init__(**kwargs)
+        super(AlgorithmValidationProhibited, self).__init__(**kwargs)
         self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
 
 class DNSKEYRevokedRRSIG(RRSIGError):
@@ -533,21 +533,21 @@ class DigestAlgorithmNotSupported(DSDigestError):
         super(DigestAlgorithmNotSupported, self).__init__(**kwargs)
         self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
 
-class DigestAlgorithmMustNotValidate(DSDigestError):
+class DigestAlgorithmValidationProhibited(DSDigestError):
     '''
-    >>> e = DigestAlgorithmMustNotValidate(algorithm=5)
+    >>> e = DigestAlgorithmValidationProhibited(algorithm=5)
     >>> e.description
     'DNSSEC specification prohibits validation of DS records that use digest algorithm 5 (5).'
     '''
 
     _abstract = False
-    code = 'DIGEST_ALGORITHM_MUST_NOT_VALIDATE'
+    code = 'DIGEST_ALGORITHM_VALIDATION_PROHIBITED'
     description_template = "DNSSEC specification prohibits validation of DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)."
     references = ['RFC 8624, Sec. 3.2']
     required_params = ['algorithm']
 
     def __init__(self, **kwargs):
-        super(DigestAlgorithmMustNotValidate, self).__init__(**kwargs)
+        super(DigestAlgorithmValidationProhibited, self).__init__(**kwargs)
         self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
 
 class DNSKEYRevokedDS(DSDigestError):
diff --git a/dnsviz/analysis/offline.py b/dnsviz/analysis/offline.py
index dbea3db..dcfc58a 100644
--- a/dnsviz/analysis/offline.py
+++ b/dnsviz/analysis/offline.py
@@ -857,8 +857,8 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis):
 
         # unless we are overriding, mark prohibited algorithms as not supported
         if not validate_prohibited_algs:
-            supported_algs.difference_update(Status.DNSKEY_ALGS_MUST_NOT_VALIDATE)
-            supported_digest_algs.difference_update(Status.DS_DIGEST_ALGS_MUST_NOT_VALIDATE)
+            supported_algs.difference_update(Status.DNSKEY_ALGS_VALIDATION_PROHIBITED)
+            supported_digest_algs.difference_update(Status.DS_DIGEST_ALGS_VALIDATION_PROHIBITED)
 
         self._populate_status(trusted_keys, supported_algs, supported_digest_algs, is_dlv, None, follow_mx)
 
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py
index 5ba2595..ae6a572 100644
--- a/dnsviz/analysis/status.py
+++ b/dnsviz/analysis/status.py
@@ -171,13 +171,13 @@ DS_DIGEST_ALGS_IGNORING_SHA1 = (2,)
 
 # RFC 8624 Section 3.1
 DNSKEY_ALGS_NOT_RECOMMENDED = (5, 7, 10)
-DNSKEY_ALGS_MUST_NOT_SIGN = (1, 3, 6, 12)
-DNSKEY_ALGS_MUST_NOT_VALIDATE = (1, 3, 6)
+DNSKEY_ALGS_PROHIBITED = (1, 3, 6, 12)
+DNSKEY_ALGS_VALIDATION_PROHIBITED = (1, 3, 6)
 
 # RFC 8624 Section 3.2
 DS_DIGEST_ALGS_NOT_RECOMMENDED = ()
-DS_DIGEST_ALGS_MUST_NOT_SIGN = (0, 1, 3)
-DS_DIGEST_ALGS_MUST_NOT_VALIDATE = ()
+DS_DIGEST_ALGS_PROHIBITED = (0, 1, 3)
+DS_DIGEST_ALGS_VALIDATION_PROHIBITED = ()
 
 class RRSIGStatus(object):
     def __init__(self, rrset, rrsig, dnskey, zone_name, reference_ts, supported_algs):
@@ -207,7 +207,7 @@ class RRSIGStatus(object):
             else:
                 # If there is a DNSKEY, then we look at *why* we are ignoring
                 # the cryptographic signature.
-                if self.dnskey.rdata.algorithm in DNSKEY_ALGS_MUST_NOT_VALIDATE:
+                if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:
                     # In this case, specification dictates that the algorithm
                     # MUST NOT be validated, so we mark it as ignored.
                     if self.validation_status == RRSIG_STATUS_VALID:
@@ -225,8 +225,8 @@ class RRSIGStatus(object):
         # Independent of whether or not we considered the cryptographic
         # validation, issue a warning if we are using an algorithm for which
         # validation has been prohibited.
-        if self.dnskey.rdata.algorithm in DNSKEY_ALGS_MUST_NOT_VALIDATE:
-            self.warnings.append(Errors.AlgorithmMustNotValidate(algorithm=self.rrsig.algorithm))
+        if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:
+            self.warnings.append(Errors.AlgorithmValidationProhibited(algorithm=self.rrsig.algorithm))
 
         if self.rrset.ttl_cmp:
             if self.rrset.rrset.ttl != self.rrset.rrsig_info[self.rrsig].ttl:
@@ -395,7 +395,7 @@ class DSStatus(object):
             else:
                 # If there is a DNSKEY, then we look at *why* we are ignoring
                 # the digest of the DNSKEY.
-                if self.ds.digest_type in DS_DIGEST_ALGS_MUST_NOT_VALIDATE:
+                if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED:
                     # In this case, specification dictates that the algorithm
                     # MUST NOT be validated, so we mark it as ignored.
                     if self.validation_status == DS_STATUS_VALID:
@@ -413,8 +413,8 @@ class DSStatus(object):
         # Independent of whether or not we considered the digest for
         # validation, issue a warning if we are using a digest type for which
         # validation has been prohibited.
-        if self.ds.digest_type in DS_DIGEST_ALGS_MUST_NOT_VALIDATE:
-            self.warnings.append(Errors.DigestAlgorithmMustNotValidate(algorithm=self.ds.digest_type))
+        if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED:
+            self.warnings.append(Errors.DigestAlgorithmValidationProhibited(algorithm=self.ds.digest_type))
 
         if self.dnskey is not None and \
                 self.dnskey.rdata.flags & fmt.DNSKEY_FLAGS['revoke']:
author	Casey Deccio <casey@deccio.net>	2021-01-08 06:21:27 +0300
committer	Casey Deccio <casey@deccio.net>	2021-01-09 03:07:33 +0300
commit	d5c8fda453a9355280f18a2de0dee68e79133415 (patch)
tree	80a7754c6b3a383b5a2b248dd21f1212c24362cf
parent	8f4080c53cf7fe10b0a8eac59e94a796ab3d99fb (diff)