Selecting a TSIG Key Format
In 2017, security problems were discovered in two nameservers that strictly followed the [RFC2845] and [RFC4635] specifications (that is, TSIG and its HMAC-SHA extension). The implementations were fixed and, to avoid similar problems in the future, the two specification documents were updated and merged; the result is the revised specification for TSIG.
The second area where the secret key–based MACs specified in this document can be used is to authenticate DNS-update requests and transaction responses. This approach would be a lightweight alternative to the protocol described in [RFC3007].
Note
Use of TSIG presumes that the resolver and server have already agreed on the algorithm and key they will use.