Warren Kumari wrote:
>
> This reminds me of some interesting (well, interesting to me :-)) related
> research Ben Laurie and I did around that time -- while looking at the
> distribution of generated keys I noticed that OpenSSL / GnuTLS generate a
> different distribution than e.g mbedTLS.
On Mon, Sep 10, 2018 at 4:45 AM Ray Bellis wrote:
> On 09/09/2018 18:51, Mark Elkins wrote:
> > Just for the record, although I do look from a curiosity point of view
> > for Identical Key ID's once every few month - I've never seen them -
> > until now.
> >
> > Now I have them - generated by
On Sun, Sep 9, 2018 at 2:30 PM Anand Buddhdev wrote:
> On 09/09/2018 19:51, Mark Elkins wrote:
>
> > Never assume a KeyID is unique. :-)
>
> One of the DNSSEC RFCs specifically says that the KeyID is not meant to
> be unique. I can't remember which one, and it's too late on a Sunday
> evening
Mark Elkins wrote:
> Never assume a KeyID is unique. :-)
Good tools ensure that key IDs are unique per zone. For example, if you
keep generating keys for a zone with `dnssec-keygen` it will eventually
get into an infinite loop perpetually generating colliding keys!
Apart from the footgun that
On 09/09/2018 18:51, Mark Elkins wrote:
> Just for the record, although I do look from a curiosity point of view
> for Identical Key ID's once every few month - I've never seen them -
> until now.
>
> Now I have them - generated by BIND within a few days of each other...
>
> I've been running
On 09/09/2018 19:51, Mark Elkins wrote:
> Never assume a KeyID is unique. :-)
One of the DNSSEC RFCs specifically says that the KeyID is not meant to
be unique. I can't remember which one, and it's too late on a Sunday
evening to be reading RFCs :)
Even then, I've had the misfortune of dealing
Just for the record, although I do look from a curiosity point of view
for Identical Key ID's once every few month - I've never seen them -
until now.
Now I have them - generated by BIND within a few days of each other...
-rw-r--r-- 1 root root 431 Aug 18 00:03 Kipv6.org.za.+008+46578.key
7 matches
Mail list logo