Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-21 Thread Carsten Strotmann
Hello Evan,
Evan Hunt writes:
> On Thu, Mar 06, 2014 at 11:34:45AM +0100, Carsten Strotmann wrote:
>> there could be a hard-link from a name like "tsig-keygen" to "dnssec-keygen" which changes the type of key created to "-n HOST". That would not require any change to the existing interface

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-19 Thread Evan Hunt
On Thu, Mar 06, 2014 at 11:34:45AM +0100, Carsten Strotmann wrote:
> there could be a hard-link from a name like "tsig-keygen" to "dnssec-keygen" which changes the type of key created to "-n HOST". That would not require any change to the existing interface. Just an idea.
>
> I'm not suggestin

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Carsten Strotmann
Hello Evan,
Evan Hunt writes:
>> there could be a hard-link from a name like "tsig-keygen" to "dnssec-keygen" which changes the type of key created to "-n HOST". That would not require any change to the existing interface. Just an idea.
>
> Thanks, Carsten. I had actually had the same thou

RE: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Gaurav Kansal
users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Evan Hunt Sent: Thursday, March 6, 2014 10:08 PM To: Carsten Strotmann Cc: bind-users@lists.isc.org Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen > there could be a hard-link from a name li

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Evan Hunt
> there could be a hard-link from a name like "tsig-keygen" to "dnssec-keygen" which changes the type of key created to "-n HOST". That would not require any change to the existing interface. Just an idea.
Thanks, Carsten. I had actually had the same thought after writing my post last night, t

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Carsten Strotmann
Hi Evan,
Evan Hunt writes:
> On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote:
>> I agree that it might be nice to change "dnssec-keygen" to make the tool more user-friendly. The current state-of-things is because of historic developments in how DNSSEC came to birth.
>
> ..

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Phil Mayers
On 06/03/14 08:53, Tony Finch wrote: Jason Hellenthal wrote: I recall spending a LOT of time with DNSSEC figuring out all the nonsense but like anything else stability and friendliness has to start somewhere. And development should not be impeded by adoption of bad practices. Fix the root caus

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Tony Finch
Jason Hellenthal wrote:
> I recall spending a LOT of time with DNSSEC figuring out all the nonsense but like anything else stability and friendliness has to start somewhere. And development should not be impeded by adoption of bad practices. Fix the root cause not the symptom.
dnssec-keyg

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Jason Hellenthal
Nothing is ever set in stone that hard. Sorry they wrote scripts for it. All apologies they decided to use Elmer's glue instead of high tensile strength super carbon based cement. They will just have to amend those temp scripts with some test cases or you can write a compatibility shim with an e

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Evan Hunt
On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote:
> I agree that it might be nice to change "dnssec-keygen" to make the tool more user-friendly. The current state-of-things is because of historic developments in how DNSSEC came to birth.
...and lots of people dealing with dnsse

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Carsten Strotmann
Gaurav Kansal writes:
> I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use "dnssec-keygen -h".
the tool "dnssec-keygen" can be used to create both "zone" keys (with "-n ZONE") for DNSSEC zone signing, and "host" keys (with "-n HOST") for TSIG signin

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Alan Clegg
On 3/6/14, 12:40 AM, Gaurav Kansal wrote:
> I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use "dnssec-keygen -h"
Because dnssec-keygen is used to generate more than just DNSSEC zone keys.
AlanC

RE: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Gaurav Kansal
day, March 3, 2014 3:58 AM To: Gaurav Kansal Cc: bind-users@lists.isc.org Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen Gaurav Kansal <gaurav.kan...@nic.in> wrote: > > I have doubt in this only. W

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-03 Thread Tony Finch
Gaurav Kansal wrote:
> I have doubt in this only. What's the difference between Zone or Host ??
Zone keys are used for DNSSEC signing zones. Host keys are used for TSIG transaction authentication, for securing zone transfers or dynamic updates.
> I also want to know which algorithm is the bes

Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-03 Thread Gaurav Kansal
Dear Team, I am using the RSASHA1 key generation algorithm for generating the KSK and ZSK. Today, I tried to generate the algorithm using the RSASHA512 and HMAC-SHA256 algorithms. Key generation through the RSASHA512 algorithm ran successfully, but while generating the keys through HMAC-SHA512 algorithm