... | ... | @@ -8,7 +8,7 @@ The sections below are not listed in any particular order. This is not a recomme |
|
|
|
|
|
Kea has support for two cryptographic libraries: Botan and OpenSSL. This is both compile and run-time dependency. The library is chosen at compilation time. The binaries use only one library that is chosen at compilation time. Most deployments use OpenSSL, because it's much more popular, but Botan remains a fully supported alternative.
|
|
|
|
|
|
The primary use case for the cryptographic libraries is generation of TSIG signatures and calculating DHCID records when sending DNS Updates. One way to limit OpenSSL or Botan usage is to choose to not use DDNS. The libraries would still be necessary to build Kea, but the code would never be used, so any potential bugs in them would never had a chance to be exploited.
|
|
|
The primary use case for the cryptographic libraries is generation of TSIG signatures and calculating DHCID records when sending DNS Updates. One way to limit OpenSSL or Botan exposure is to choose to not use DDNS. The libraries would still be necessary to build Kea, but the code would never be used, so any potential bugs in them would never had a chance to be exploited.
|
|
|
|
|
|
## TSIG signatures
|
|
|
|
... | ... | |
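Review bot: The reworded line still ends with "so any potential bugs in them would never had a chance to be exploited", which should read "would never have a chance to be exploited"; since this line is already being touched for the "usage" to "exposure" change, fix the grammar in the same edit. The same sentence also claims the library code "would never be used" when DDNS is disabled, while the sentence before it calls TSIG and DHCID only the "primary use case". Either list the remaining uses or soften the claim to cover just the DDNS code paths, so that readers do not take disabling DDNS as removing all exposure to the crypto library. In the unchanged context above, "The library is chosen at compilation time" is stated twice in a row and "This is both compile and run-time dependency" is missing an article; both could be tidied in a follow-up.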