On Fri, Jun 22, 2018 at 10:26:55PM -0400, Warren Kumari wrote: > So, if I set both to use their (non-default) of SHA256 (and set the same > secret:-)) do they actually generate compatible cookies? > I'd guess / assume so, but I haven't tested this...
That's the intention. Mukund recently pointed out a bug in the hash inputs BIND is using, so it might not work right now. We really should have a COOKIE bakeoff (worth doing for the pun alone) to check for interoperability issues. Montreal would seem like a good time and place for it, but I'm not going to be able to attend this time, so I can't volunteer to run it. If someone else wants to step in, that'd be great. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop