-
-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TSIG Support #11
Comments
My Update code looks like this:
For the API, I could use something like:
in the OPT section or would you prefer something else? |
Oops, I think I remembered that wrong. It's just the last record, not in the OPT but after the OPT. |
Or maybe the API should be more like:
|
There’s two parts to this. First you need to add The more advance version is also more complex to implement. It would take a key and some parameters (like fuzz), calculate the signature and the TSIG record, add that to the additional section, and freeze the message (assuming TSIG is always last). That would require some trait for the algorithms. I think it would look something like the one we did for rpki-rs. except it should also allow validation. For validation, it would be cool if |
Addendum: If you prefer me taking a stab at the implementation, I’d be happy to. I want to get started at implementing zone signing, anyway, so this might be a good time to lay out the underlying infrastructure for swapping out signers etc. |
Yes, please do. I welcome the assistance. |
Quick question: Do you need to support HMAC-MD5 or is the SHA family sufficient. Background is that ring doesn’t seem support MD5 but I would like to only depend on ring. |
No, I will not need MD5. Probably only use SHA-256 for the foreseeable future. |
Quick update: I have an initial implementation. Cleaning this up now and hoping to have it ready tomorrow. |
Nice! I will try it out at the IETF Hackathon if not before. |
This has been implemented in #16 which has been merged. |
I'll be needing TSIG support for Update. I'll be glad to add this feature but I'll need some coaching. Can you point me in the right direction?
The text was updated successfully, but these errors were encountered: