Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
Carsten Strotmann
cas at strotmann.de
Thu Mar 6 10:34:45 UTC 2014
Hi Evan,
Evan Hunt <each at isc.org> writes:
> On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote:
>> I agree that it might be nice to change "dnssec-keygen" to make the tool
>> more userfriendly. The current state-of-things is because of historic
>> developments in how DNSSEC came to birth.
>
> ...and lots of people dealing with dnssec-keygen's user-unfriendliness
> by writing shell scripts to run it, which will break if we change its
> interface now. A lot of old mistakes have gotten chiseled into stone
> by that.
there could be a hard-link from a name like "tsig-keygen" to
"dnssec-keygen" which changes the type of key created to "-n HOST". That
would not require any change to the existing interface. Just an idea.
I'm not suggesting to change the existing interface, as it will break
existing stuff.
-- Carsten
More information about the bind-users
mailing list