dnsext-11----Page:3
1 2 3 4 5 6 7 8 9 10
|
TSIG Algorithms Current TSIG Proposed Standard [RFC 2845] defines only “HMAC-MD5.SIG-ALG.REG.INT”. Weaknesses in MD5/SHA-1 do not apply to HMAC so it may be OK but: Some people want to use government approved algorithms, i.e., at least SHA-1. Various SHA-224+ algorithms are believed to be stronger than MD5/SHA-1. Some people want to truncate their MACs. |