Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
Tony Finch
dot at dotat.at
Thu Mar 6 08:53:02 UTC 2014
Jason Hellenthal <jhellenthal at dataix.net> wrote:
>
> I recall spending a LOT of time with DNSSEC figuring out all the
> nonsense but like anything else stability and friendliness has to start
> somewhere. And development should not be impeded by adoption of bad
> practices. Fix the root cause not the symptom.
dnssec-keygen actually has quite sane defaults, but unfortunately the man
page is not great at saying which options can be ignored because they are
cruft from the 1990s. It could do with better examples too.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
South Utsire, Forties: Southwesterly 5 to 7, perhaps gale 8 later. Moderate or
rough. Rain. Moderate or poor.
More information about the bind-users
mailing list