BIND 10 trac893, updated. 143b2c6769c64eb55d2f34305ad8e2b7ce681aa6 [trac893] added more rationale about handling unknown algorithm names
BIND 10 source code commits
bind10-changes at lists.isc.org
Wed May 11 06:19:59 UTC 2011
The branch, trac893 has been updated
via 143b2c6769c64eb55d2f34305ad8e2b7ce681aa6 (commit)
from 4787c281a351b04b9570b8bb2d863db706a9d9c9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 143b2c6769c64eb55d2f34305ad8e2b7ce681aa6
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Tue May 10 23:19:39 2011 -0700
[trac893] added more rationale about handling unknown algorithm names
-----------------------------------------------------------------------
Summary of changes:
src/lib/dns/tsigkey.h | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/dns/tsigkey.h b/src/lib/dns/tsigkey.h
index dd79d1f..f0df709 100644
--- a/src/lib/dns/tsigkey.h
+++ b/src/lib/dns/tsigkey.h
@@ -75,7 +75,16 @@ public:
/// Other names are still accepted as long as the secret is empty
/// (\c secret is \c NULL and \c secret_len is 0), however; in some cases
/// we might want to treat just the pair of key name and algorithm name
- /// opaquely, e.g., when generating a response TSIG with a BADKEY error.
+ /// opaquely, e.g., when generating a response TSIG with a BADKEY error
+ /// because the algorithm is unknown as specified in Section 3.2 of
+ /// RFC2845 (in which case the algorithm name would be copied from the
+ /// request to the response, and for that purpose it would be convenient
+ /// if a \c TSIGKey object can hold a name for an "unknown" algorithm).
+ ///
+ /// \note RFC2845 does not specify which algorithm name should be used
+ /// in such a BADKEY response. The behavior of using the same algorithm
+ /// is derived from the BIND 9 implementation.
+ ///
/// It is unlikely that a TSIG key with an unknown algorithm is of any
/// use with actual crypto operation, so care must be taken when dealing
/// with such keys. (The restriction for the secret will prevent
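Review bot: The reworded "e.g." sentence attaches "as specified in Section 3.2 of RFC2845" directly to a parenthetical about copying the algorithm name from the request, so it reads as if the RFC mandates the copy, while the \note just below says RFC2845 does not specify which algorithm name to use. Suggest ending the sentence at the RFC reference (the BADKEY error for an unknown algorithm), then stating the copy-from-request behavior in its own sentence, explicitly as the BIND 9-derived choice, which lets the \note be folded into it. Since this paragraph goes on to say "care must be taken when dealing with such keys", it would also help to say here that a \c TSIGKey holding an unknown algorithm name is meant only to carry the key name and algorithm name into the response, not to be passed to signing or verification.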