On Wed, Jun 20, 2018 at 10:05:54AM +0100, Tony Finch wrote: > I think the problem is it isn't a complete implementation: you can't use > SIG(0) in all the places you can use TSIG. The TKEY support seems to be > specific to Kerberos, whereas broader support would make it a neat way to > use slow SIG(0) to establish fast TSIG session keys.
This matches my own intuition. "A clear idea of what to do about it" has been slow in coming, but I think you're right. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop