SIG(0) was implemented in BIND 9 back when BIND 9 was basically the only modern implementation, and no one used it then. The fact that no servers have implemented it since then means that there really isn’t any demand.
Brian > On Jun 19, 2018, at 2:20 PM, Mark Andrews <ma...@isc.org> wrote: > > SIG(0) is much superior for machines updating their own data to TSIG as you > don’t need a secondary storage for the TSIG key. You can replace a master > server without having to worry about transferring TSIG secrets off a dead > machine. You just copy the zone from a slave and go. > > There are other scenarios where it is also superior like automaton delegating > In the reverse tree. > > No I don’t think it should go. > > It should be widely implemented so it can be used. There is a lot of self > fulfilling prophecy in the DNS of people will never is this so we won’t > implement it. > > -- > Mark Andrews > >> On 20 Jun 2018, at 06:48, Ondřej Surý <ond...@isc.org> wrote: >> >> Hi, >> >> as far as I could find on the Internet there are only SIG(0) implementation >> in handful DNS implementations - BIND, PHP Net_DNS2 PHP library, >> Net::DNS(::Sec) Perl library, trust_dns written in Rust and perhaps others I >> haven’t found; no mentions of real deployment was found over the Internet >> (but you can blame Google for that)... >> >> Do people think the SIG(0) is something that we should keep in DNS and it >> will be used in the future or it is a good candidate for throwing off the >> boat? >> >> Ondrej >> -- >> Ondřej Surý >> ond...@isc.org >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
