Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize

> -Original Message- >> From: Evan Hunt [mailto:e...@isc.org] >> Sent: Thursday, 6 September 2018 4:35 PM >> To: Browne, Stuart >> Cc: Mark Andrews; bind-users@lists.isc.org >> Subject: Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize >> &g

RE: 'tsig-keygen' vs 'dnssec-keygen' - keysize

> -Original Message- > From: Evan Hunt [mailto:e...@isc.org] > Sent: Thursday, 6 September 2018 4:35 PM > To: Browne, Stuart > Cc: Mark Andrews; bind-users@lists.isc.org > Subject: Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize > > > I

Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize

On Thu, Sep 06, 2018 at 04:28:23AM +, Browne, Stuart via bind-users wrote: > Ok, then here goes me in my not-really-understanding HMAC properly. > > When using 'dnssec-keygen -a hmac-md5 -b 512 -n HOST some-name' (512 > being the max keysize lited in 'dnssec-keygen -h'), we end up with an 88 >

RE: 'tsig-keygen' vs 'dnssec-keygen' - keysize

> Sent: Wednesday, 5 September 2018 3:40 PM > To: Browne, Stuart > Cc: bind-users@lists.isc.org > Subject: Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize > > > > On 5 Sep 2018, at 2:50 pm, Browne, Stuart via bind-users us...@lists.isc.org> wrote:

Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize

> On 5 Sep 2018, at 2:50 pm, Browne, Stuart via bind-users > wrote: > > Was adding in some new internal functionality and noted that the > 'tsig-keygen' tool doesn’t > give the ability to alter the keysize like dnssec-keygen does for generating > HMAC based tsig keys. > > I also noticed that

'tsig-keygen' vs 'dnssec-keygen' - keysize

Was adding in some new internal functionality and noted that the 'tsig-keygen' tool doesn't give the ability to alter the keysize like dnssec-keygen does for generating HMAC based tsig keys. I also noticed that in 9.13, dnssec-keygen will no longer be able to generate HMAC tsig's, so I'm wonder