Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
Evan Hunt
each at isc.org
Thu Mar 6 16:38:23 UTC 2014
> there could be a hard-link from a name like "tsig-keygen" to
> "dnssec-keygen" which changes the type of key created to "-n HOST". That
> would not require any change to the existing interface. Just an idea.
Thanks, Carsten. I had actually had the same thought after writing my post
last night, though I was thinking of making it a hard link to ddns-confgen
rather than dnssec-keygen.
(Question: is "ddns-confgen -q" an appropriate and useful format?
I've never understood why anybody would want TSIG keys in .key/.private
form, but there may be a use case for it that I've overlooked.)
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list