> Has anyone else tried to communicate with TSIG using HMAC-SHA224 between > BIND and other DNS implementations?
We've recently found out about an interoperability flaw affecting all the HMAC-SHA* algorithms; it affects any key with a secret longer than the digest length of the algorithm (which is 28 bytes, for HMAC-SHA224). If your secret is longer than that, try a shorter key and see if that works. If that's the problem, I can give you a workaround for the long key. This bug will be fixed in BIND 9.7.0rc2; I'm not sure at this point whether it will be backported into earlier releases. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
