Re: TKEY and zone transfer

2013-01-30 Thread Evan Hunt
> > Also, generate a TSIG key to use for the initial TKEY negotiation. > > I thought the point of TKEY was to upgrade from slow public key > authentication to fast secret key authentication, i.e. that you would > start off by authenticating the client with SIG(0). TKEY should work with SIG(0), bu

Re: TKEY and zone transfer

2013-01-30 Thread Tony Finch
Evan Hunt wrote: > > Also, generate a TSIG key to use for the initial TKEY negotiation. I thought the point of TKEY was to upgrade from slow public key authentication to fast secret key authentication, i.e. that you would start off by authenticating the client with SIG(0). Tony. -- f.anthony.n.

Re: TKEY and zone transfer

2013-01-29 Thread Evan Hunt
On Wed, Jan 30, 2013 at 11:14:04AM +0800, Kent Tong wrote: > Thanks for the kind and excellent replies! So, currently there is no way > for the client to negotiate the key on-demand automatically? I don't see a way, no. There's a partially-implemented feature where negotiated keys can be dumped t

Re: TKEY and zone transfer

2013-01-29 Thread Kent Tong
Hi all, On Wed, Jan 30, 2013 at 5:27 AM, Evan Hunt wrote: > > The key generated by keycreate can then be used on the client side > to sign transfer requests: > > key negotiated-key.server { > algorithm hmac-md5; > secret "MlNODIuzTrNMgSLRCFB1Iw=="; > }; > Thanks for the

Re: TKEY and zone transfer

2013-01-29 Thread Evan Hunt
On Tue, Jan 29, 2013 at 04:22:07PM +0800, Kent Tong wrote: > I read that Bind9 supports using TKEY for zone transfers. However, I don't > understand how the TKEY negotiation is triggered. Huh. That is much harder than it ought to be (a fact I hadn't realized until now, as I'd never had occasion t

Re: TKEY and zone transfer

2013-01-29 Thread Mark Andrews
In message , Kent Tong writes: > > Hi, > > I read that Bind9 supports using TKEY for zone transfers. However, I don't > understand how the TKEY negotiation is triggered. In comparison, for > dynamic updates, the update-policy will require Bind to determine the > identity of the requester, but f

TKEY and zone transfer

2013-01-29 Thread Kent Tong
Hi, I read that Bind9 supports using TKEY for zone transfers. However, I don't understand how the TKEY negotiation is triggered. In comparison, for dynamic updates, the update-policy will require Bind to determine the identity of the requester, but for zone transfer there is only an allow-transfer