regen master

630d1a9b · Tinderbox User · 19b7c049 · 630d1a9b · 630d1a9b · 630d1a9b
Commit 630d1a9b authored Jan 20, 2018 by Tinderbox User
6 changed files
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -66,19 +66,19 @@ must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA51
 \fB\-T KEY\fR
 option as well\&.
 .sp
-TSIG keys can also be generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
-\fB\-T KEY\fR\&. Note, however, that
-\fBtsig\-keygen\fR
-produces TSIG keys in a more useful format\&. These algorithms have been deprecated in
-\fBdnssec\-keygen\fR, and will be removed in a future release\&.
-.sp
 These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
 \fB\-3\fR
 option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
 .sp
-As of BIND 9\&.12\&.0, this option is mandatory except when using the
+This parameter
+\fImust\fR
+be specified except when using the
 \fB\-S\fR
-option, which copies the algorithm from the predecessor key\&. Previously, the default for newly generated keys was RSASHA1\&.
+option, which copies the algorithm from the predecessor key\&.
+.sp
+In prior releases, HMAC algorithms could be generated for use as TSIG keys, but that feature has been removed as of BIND 9\&.13\&.0\&. Use
+\fBtsig\-keygen\fR
+to generate TSIG keys\&.
 .RE
 .PP
 \-b \fIkeysize\fR
@@ -369,5 +369,5 @@ RFC 4034\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 - 
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -107,16 +107,6 @@
 	    his value will automatically set the <code class="option">-T KEY</code>
 	    option as well.
 	  </p>
-	  <p>
-	    TSIG keys can also be generated by setting the value to
-	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
-	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
-	    values will automatically set <code class="option">-T KEY</code>. Note,
-	    however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
-	    in a more useful format. These algorithms have been deprecated
-	    in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
-	    future release.
-	  </p>
 	  <p>
 	    These values are case insensitive. In some cases, abbreviations
 	    are supported, such as ECDSA256 for ECDSAP256SHA256 and
@@ -125,10 +115,15 @@
 	    or NSEC3DSA will be used instead.
 	  </p>
 	  <p>
-	    As of BIND 9.12.0, this option is mandatory except when using
-	    the <code class="option">-S</code> option, which copies the algorithm from
-	    the predecessor key.  Previously, the default for newly
-	    generated keys was RSASHA1.
+	    This parameter <span class="emphasis"><em>must</em></span> be specified except
+	    when using the <code class="option">-S</code> option, which copies the
+	    algorithm from the predecessor key.
+	  </p>
+	  <p>
+	    In prior releases, HMAC algorithms could be generated for
+	    use as TSIG keys, but that feature has been removed as of
+	    BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
+	    TSIG keys.
 	  </p>
 	</dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>

--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -42,6 +42,7 @@
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>
@@ -104,6 +105,18 @@

  <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  <span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
+	  keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
+	  to generate these keys. [RT #46404]
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
 	<p>

--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -242,6 +242,7 @@
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>

--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -125,16 +125,6 @@
 	    his value will automatically set the <code class="option">-T KEY</code>
 	    option as well.
 	  </p>
-	  <p>
-	    TSIG keys can also be generated by setting the value to
-	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
-	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
-	    values will automatically set <code class="option">-T KEY</code>. Note,
-	    however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
-	    in a more useful format. These algorithms have been deprecated
-	    in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
-	    future release.
-	  </p>
 	  <p>
 	    These values are case insensitive. In some cases, abbreviations
 	    are supported, such as ECDSA256 for ECDSAP256SHA256 and
@@ -143,10 +133,15 @@
 	    or NSEC3DSA will be used instead.
 	  </p>
 	  <p>
-	    As of BIND 9.12.0, this option is mandatory except when using
-	    the <code class="option">-S</code> option, which copies the algorithm from
-	    the predecessor key.  Previously, the default for newly
-	    generated keys was RSASHA1.
+	    This parameter <span class="emphasis"><em>must</em></span> be specified except
+	    when using the <code class="option">-S</code> option, which copies the
+	    algorithm from the predecessor key.
+	  </p>
+	  <p>
+	    In prior releases, HMAC algorithms could be generated for
+	    use as TSIG keys, but that feature has been removed as of
+	    BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
+	    TSIG keys.
 	  </p>
 	</dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>

--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -67,6 +67,18 @@

  <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  <span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
+	  keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
+	  to generate these keys. [RT #46404]
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
 	<p>