On 23.6.2018 19:09, Evan Hunt wrote: > On Fri, Jun 22, 2018 at 10:26:55PM -0400, Warren Kumari wrote: >> So, if I set both to use their (non-default) of SHA256 (and set the same >> secret:-)) do they actually generate compatible cookies? >> I'd guess / assume so, but I haven't tested this... > > That's the intention. Mukund recently pointed out a bug in the hash inputs > BIND is using, so it might not work right now.
There are differences in *inputs* to the hash function in BIND and Knot DNS as well, so it will not work anyway. > We really should have a COOKIE bakeoff (worth doing for the pun alone) to > check for interoperability issues. Montreal would seem like a good time > and place for it, but I'm not going to be able to attend this time, so I > can't volunteer to run it. If someone else wants to step in, that'd be > great. I'm not doing Montreal myself so maybe Bangkok could be the place to test a new spec? -- Petr Špaček @ CZ.NIC _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
