In message <1fb3db93-eb08-4864-9d3c-e48da9fc5...@redbarn.org>, P Vixie writes:
> Tsig won't scale for something like this. Please consider sig0.

I've got no objection to sig(0) but why won't it scale? There is an existing relationship so public key cryptography isn't needed. Sig(0) would require the KEY record to be in the parent zone or to be held by the registrar in a separate database. In the latter case you either need a database of KEY records or a database of TSIG keys. As far as I can tell there is no difference in the scaling requirements. Sig(0) might be marginally more secure as only one side holds material that needs to be kept private.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org