TSIG-GSS keys should be deleted after use
@pspacek pointed out in !7629 (merged):
Can we have test for key removal (coverage shows it's not tested)?
This is a problem. That code path was previously tested in the tkey
system test, which negotiated the creation of DH keys and then deleted them, but that test has been removed now.
The tsiggss
test runs nsupdate
, which sets up GSS keys, but never deletes them.
RFC 3645 says:
When the client is not intended to continue using the established
security context, the client SHOULD delete an active context by
calling GSS_Delete_sec_context providing the associated
context_handle, AND client SHOULD delete the established context on
the DNS server by using TKEY RR with the Mode field set to 5, i.e.,
"key deletion" [RFC2930].
I take this to mean that nsupdate
should be sending a delete message for negotiated keys when it's shutting down.