On Fri, Jul 31, 2009 at 03:32:48PM +1000, Mark Andrews wrote: > In message <[email protected]>, Joseph S D Yao writes: ... > > Plus, I'm curious to know what 'dig -k' really wants to see. > > A keyfile as generated by "dnssec-keygen -a HMAC-*". ...
Of which there are two - a .key file and a .private file. But I never thought of using the .private file format! Next week ... > HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512. Now, I must not have been paying attention - all my written down [or electronically inscribed] information says that the HMAC-MD5 algorithm must be used for TSIG. When did this get opened up? Thanks! -- /*********************************************************************\ ** ** Joe Yao [email protected] - Joseph S. D. Yao ** \*********************************************************************/ _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
