> > Also, generate a TSIG key to use for the initial TKEY negotiation.
> 
> I thought the point of TKEY was to upgrade from slow public key
> authentication to fast secret key authentication, i.e. that you would
> start off by authenticating the client with SIG(0).

TKEY should work with SIG(0), but I don't have any code to show you
that generates SIG(0)-signed TKEY requests -- keycreate.c in the test
suite uses TSIG, so I adapted the recipe to that.

(Unless some other DNS implementation provides a tool for this purpose?
If you know of one, please let me know.)

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users