Uniqifiers for TSIG keys, was Re: feature consultation -- per-zone initiator-side tsig keys

Paul Vixie vixie at isc.org
Wed Dec 17 16:08:00 UTC 2008

> There is no need to use the TSIG key name as an identifier within a
> local configuration, even though the RFC basically encourages this (whch
> is totally misguided IMHO).

i wish we'd had your wisdom to guide us when this RFC was being crafted.
as i recall the thinking was, these names only HAVE TO BE unique in the
context of a requestor/responder pair, yet it seemed likely to all of us
that once a key existed then a given requestor would, out of convenience,
start using it with other responders, and/or a given responder would, out
of convenience, start using it with other requestors.  this latent and
likely (and dare i say inevitable) expansion of the uniqueness domain
made us recommend that only universally unique key names be used.  and if
they were universally unique, there was no reason in principle not to use
the key name as a configuration identifier once we were coding it in BIND.

however, you're right that the RFC does not require universal uniqueness,
and so BIND should not have used key names as configuration identifiers,
that was an unfortunate overlap between RFC-think and BIND-think.  we
ought to have realized that the RFC was liberal in what it accepted even
though close-fisted in what it recommended, and that BIND needed to align
itself to the liberal side of that equation.

> We can make this:
>      1. Easier for administrators.
>      2. Harder for administrators.
> I know the traditional BIND way is #2, but I am suggesting that perhaps
> in this one case we make an exception and go with #1. :)

send patches?

More information about the bind-workers mailing list