Hello everyone!
On 1/18/21 7:57 AM, Viktor Dukhovni wrote:
The non-empty salt is pointless, but basically harmless.
Why should salt be pointless? Can you hint/link?
Quick link to original motivation:
https://tools.ietf.org/html/rfc5155#appendix-C.1
(Though it seems relatively weak to me... nowadays I can't really
imagine practical dictionaries for DNS names that would be "too
expensive" to rehash whenever resigning happens.)
I find the shared "salt" value somewhat "amusing"
Whole FQDNs are hashed, so sharing salt among different zones seems safe
to me, though I must admit I have no idea why anyone might want to do
it. Though if salt is pointless overall...
--Vladimir
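
The point above that whole FQDNs are hashed, shown as an added example that is not part of the original message: a minimal RFC 5155 NSEC3 hash (SHA-1, algorithm 1) applied to the same label in two zones that share one salt. The zone names, salt value and iteration count are constructed for illustration.

```python
import base64
import hashlib

# Map the standard base32 alphabet to base32hex (RFC 4648 section 7),
# which is the encoding NSEC3 owner names use.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def wire_name(fqdn: str) -> bytes:
    """Canonical (lowercased) DNS wire format of a fully qualified name."""
    out = b""
    for label in fqdn.lower().rstrip(".").split("."):
        if not label:
            continue  # the root name has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("DNS label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # terminating root label


def nsec3_hash(fqdn: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: IH(salt, x, 0) = H(x || salt), then
    IH(salt, x, k) = H(IH(salt, x, k-1) || salt) for each extra iteration."""
    salt = bytes.fromhex(salt_hex)  # "" means an empty salt
    digest = hashlib.sha1(wire_name(fqdn) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()


def shared_salt_hashes(salt_hex: str = "ab12", iterations: int = 0) -> dict:
    """Hash the same relative label in two constructed zones using one salt."""
    names = ["www.example.com.", "www.example.net."]
    return {n: nsec3_hash(n, salt_hex, iterations) for n in names}


if __name__ == "__main__":
    # The hash input is the full owner name, so the zone suffix already
    # makes the inputs differ even though the salt is identical.
    for name, digest in shared_salt_hashes().items():
        print(f"{name:20} {digest}")
```
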