BIND support for GSS-TSIG - Progress?
Paul Vixie
paul at vix.com
Fri Sep 7 16:31:47 UTC 2001
JSasso at mvphealthcare.com ("Sasso, John IT") writes:
> Going through the list archives, the issue of BIND support for GSS-TSIG was
> discussed last year in threads between Microsoft (Stuart Kwan et.al.) and
> ISC (David Conrad), among others. Unless I'm mistaken, I see there's still
> no support for GSS-TSIG in BIND.
You're not mistaken.
> Has ISC made any progress at all with working with Microsoft on this issue?
> What roadblocks have been met [on either side]? Any speculation as to when
> GSS-TSIG will be supported?
ISC cannot undertake a project of this size without explicit funding. There's
some hope that some of the vendors who ship or who want to ship BIND9 with
their products will engage ISC in a development contract whose goal set will
include GSS-TSIG. Left to itself, though, ISC's efforts will be limited to
maintainance and integration rather than extensive new features like GSS-TSIG.
> I have a question on reservations through IANA I hope someone can clarify
> for me. According to sec. 2.2 of RFC-2845, "The `HMAC-MD5' algorithm is
> mandatory to implement for interoperability. Other algorithms can be
> specified at a later date. Names and definitions of new algorithms MUST be
> registered with IANA." So implementations compliant w/ RFC-2845 must
> implement/use HMAC-MD5 even if they support other algorithms (e.g.
> GSS-TSIG), correct?
If TSIG hadn't been originally experimental, that could be meaningful.
> Second, I went to www.iana.org and tried to locate
> where the algorithm HMAC-MD5.SIG-ALG.REG.INT was reserved, but could not
> find it. Does this mean IANA has not registered the algorithm; if so, where
> is it at IANA?
Dunno that part. Maybe Bill Manning will chime in here.
More information about the bind-users
mailing list