Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

Gaurav Kansal gaurav.kansal at nic.in
Thu Mar 6 17:39:07 UTC 2014


At the time of posting this question, I didn't think that this thread will
cause this much of discussion. :)

Thanks to all for nice explanation and help.

 

Regards,

Gaurav Kansal

 

-----Original Message-----
From: bind-users-bounces+gaurav.kansal=nic.in at lists.isc.org
[mailto:bind-users-bounces+gaurav.kansal=nic.in at lists.isc.org] On Behalf Of
Evan Hunt
Sent: Thursday, March 6, 2014 10:08 PM
To: Carsten Strotmann
Cc: bind-users at lists.isc.org
Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in
dnssec-keygen

 

> there could be a hard-link from a name like "tsig-keygen" to 

> "dnssec-keygen" which changes the type of key created to "-n HOST". 

> That would not require any change to the existing interface. Just an idea.

 

Thanks, Carsten. I had actually had the same thought after writing my post
last night, though I was thinking of making it a hard link to ddns-confgen
rather than dnssec-keygen.

 

(Question: is "ddns-confgen -q" an appropriate and useful format?

I've never understood why anybody would want TSIG keys in .key/.private
form, but there may be a use case for it that I've overlooked.)

 

--

Evan Hunt --  <mailto:each at isc.org> each at isc.org

Internet Systems Consortium, Inc.

_______________________________________________

Please visit  <https://lists.isc.org/mailman/listinfo/bind-users>
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this
list

 

bind-users mailing list

 <mailto:bind-users at lists.isc.org> bind-users at lists.isc.org

 <https://lists.isc.org/mailman/listinfo/bind-users>
https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140306/e9503778/attachment.html>


More information about the bind-users mailing list