Hello Evan,
Evan Hunt e...@isc.org writes:
On Thu, Mar 06, 2014 at 11:34:45AM +0100, Carsten Strotmann wrote:
there could be a hard-link from a name like tsig-keygen to
dnssec-keygen which changes the type of key created to -n HOST. That
would not require any change to the existing
On Thu, Mar 06, 2014 at 11:34:45AM +0100, Carsten Strotmann wrote:
there could be a hard-link from a name like tsig-keygen to
dnssec-keygen which changes the type of key created to -n HOST. That
would not require any change to the existing interface. Just an idea.
I'm not suggesting to
On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote:
I agree that it might be nice to change dnssec-keygen to make the tool
more userfriendly. The current state-of-things is because of historic
developments in how DNSSEC came to birth.
...and lots of people dealing with
Nothing is ever set in stone that hard. Sorry they wrote scripts for it. All
apologies they decided to use Elmer's glue instead of high tensile strength
super carbon based cement. They will just have to amend those temp scripts with
some test cases or you can write a compatibility shim with an
Jason Hellenthal jhellent...@dataix.net wrote:
I recall spending a LOT of time with DNSSEC figuring out all the
nonsense but like anything else stability and friendliness has to start
somewhere. And development should not be impeded by adoption of bad
practices. Fix the root cause not the
On 06/03/14 08:53, Tony Finch wrote:
Jason Hellenthal jhellent...@dataix.net wrote:
I recall spending a LOT of time with DNSSEC figuring out all the
nonsense but like anything else stability and friendliness has to start
somewhere. And development should not be impeded by adoption of bad
Hi Evan,
Evan Hunt e...@isc.org writes:
On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote:
I agree that it might be nice to change dnssec-keygen to make the tool
more userfriendly. The current state-of-things is because of historic
developments in how DNSSEC came to birth.
there could be a hard-link from a name like tsig-keygen to
dnssec-keygen which changes the type of key created to -n HOST. That
would not require any change to the existing interface. Just an idea.
Thanks, Carsten. I had actually had the same thought after writing my post
last night, though I
-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of
Evan Hunt
Sent: Thursday, March 6, 2014 10:08 PM
To: Carsten Strotmann
Cc: bind-users@lists.isc.org
Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in
dnssec-keygen
there could be a hard-link from a name like tsig
Hello Evan,
Evan Hunt e...@isc.org writes:
there could be a hard-link from a name like tsig-keygen to
dnssec-keygen which changes the type of key created to -n HOST. That
would not require any change to the existing interface. Just an idea.
Thanks, Carsten. I had actually had the same
, 2014 3:58 AM
To: Gaurav Kansal
Cc: bind-users@lists.isc.org
Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in
dnssec-keygen
Gaurav Kansal mailto:gaurav.kan...@nic.in gaurav.kan...@nic.in wrote:
I have doubt in this only. What's the difference between Zone
On 3/6/14, 12:40 AM, Gaurav Kansal wrote:
I was wondering if HMAC* keys are not used for zone then why the same is
displayed when we use dnssec-keygen -h
Because dnssec-keygen is used to generate more than just DNSSEC zone keys.
AlanC
signature.asc
Description: OpenPGP digital signature
Gaurav Kansal gaurav.kan...@nic.in writes:
I was wondering if HMAC* keys are not used for zone then why the same
is displayed when we use dnssec-keygen -h.
the tool dnssec-keygen can be used to create both zone keys (with
-n ZONE) for DNSSEC zone signing, and host keys (with -n HOST) for
TSIG
Dear Team,
I am using RSASHA1 key generation algorithm for generating the KSK and ZSK.
Today, I tried to generate the algorithm using RSASHA512 and HMAC-SHA256
algorithm.
Key generation through RSASHA512 algorithm run successfully but while
generating the keys through HMAC-SHA512
Gaurav Kansal gaurav.kan...@nic.in wrote:
I have doubt in this only. What's the difference between Zone or Host ??
Zone keys are used for DNSSEC signing zones.
Host keys are used for TSIG transaction authentication, for securing zone
transfers or dynamic updates.
I also want to know which
15 matches
Mail list logo
