Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
p.mayers at imperial.ac.uk
Thu Mar 6 09:07:06 UTC 2014
On 06/03/14 08:53, Tony Finch wrote:
> Jason Hellenthal <jhellenthal at dataix.net> wrote:
>> I recall spending a LOT of time with DNSSEC figuring out all the
>> nonsense but like anything else stability and friendliness has to start
>> somewhere. And development should not be impeded by adoption of bad
>> practices. Fix the root cause not the symptom.
> dnssec-keygen actually has quite sane defaults, but unfortunately the man
Agreed. The first couple of times you figure the options takes a bit of
time, but once you've done that, dnssec-keygen is really quite inoffensive.
Frankly there are a bucketload of Unix tools whose more esoteric
behaviour I've never bothered to memorise; the key is for help and man
pages to be sane. I'm constantly doing "man find"...
More information about the bind-users