On 01. 10. 24 15:41, Klaus Darilion wrote:
Hi Petr!
It can be said that the interface pushes people to follow RFC 9276, i.e.
no salt and no extra iterations.
It is an pointless exercise which only makes servers easier to DoS for
no benefit.
I understand your decision to push people towards RFC 9276.
Why do you need extra salt? What part of RFC 9276 does not apply to your
situation? I'm curious!
As said I was debugging NSEC3 issues of a zone which currently uses a salt, and
I wanted to reproduce the same hasing as those zone currently use. So I do not
want to use a salt in production, but only in testing.
Apologies, I forgot the context about debugging something. It makes
sense then.
--
Petr Špaček
Internet Systems Consortium
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
