[rt42272] stronger wording

bin/confgen/rndc-confgen.c

@@ -73,7 +73,7 @@ Usage:\n\
  %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
 [-s addr] [-t chrootdir] [-u user]\n\
   -a:		 generate just the key clause and write it to keyfile (%s)\n\
-  -A alg:	 algorithm (default hmac-md5)\n\
+  -A alg:	 algorithm (default hmac-md5 (deprecated and will change))\n\
   -b bits:	 from 1 through 512, default 256; total length of the secret\n\
   -c keyfile:	 specify an alternate key file (requires -a)\n\
   -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
@@ -115,6 +115,7 @@ main(int argc, char **argv) {
 	const char *randomfile = NULL;
 	const char *serveraddr = NULL;
 	dns_secalg_t alg;
+	isc_boolean_t algset = ISC_FALSE;
 	const char *algname;
 	char *p;
 	int ch;
@@ -153,6 +154,7 @@ main(int argc, char **argv) {
 			keyonly = ISC_TRUE;
 			break;
 		case 'A':
+			algset = ISC_TRUE;
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
 			if (alg == DST_ALG_UNKNOWN)
@@ -225,6 +227,20 @@ main(int argc, char **argv) {
 	if (argc > 0)
 		usage(1);
 
+	if (alg == DST_ALG_HMACMD5) {
+		if (algset) {
+			fprintf(stderr,
+				"warning: use of hmac-md5 for RNDC keys "
+				"is deprecated; hmac-sha256 is now "
+				"recommended.\n");
+		} else {
+			fprintf(stderr,
+				"warning: the default algorithm hmac-md5 "
+				"is deprecated and will be\n"
+				"changed to hmac-sha256 in a future release\n")
+		}
+	}
+
 	if (keysize < 0)
 		keysize = alg_bits(alg);
 	algname = alg_totext(alg);

bin/confgen/rndc-confgen.docbook

@@ -128,8 +128,12 @@
           <para>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-md5 or
+            hmac-sha384 and hmac-sha512.  The default is hmac-md5, or
-            if MD5 was disabled hmac-sha256.
+            if MD5 was disabled at compile time, hmac-sha256.
+          </para>
+          <para>
+            Note: Use of hmac-md5 is no longer recommended, and the default
+            value will be changed to hmac-sha256 in a future release.
           </para>
         </listitem>
       </varlistentry>

bin/dnssec/dnssec-keygen.c

@@ -582,6 +582,16 @@ main(int argc, char **argv) {
 		INSIST((alg != DNS_KEYALG_RSAMD5) && (alg != DST_ALG_HMACMD5));
 #endif
 
+
+		if (alg == DST_ALG_HMACMD5 || alg == DST_ALG_HMACSHA1 ||
+		    alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 ||
+		    alg == DST_ALG_HMACSHA384 || alg == DST_ALG_HMACSHA512)
+		{
+			fprintf(stderr,
+				"Use of dnssec-keygen for HMAC keys is "
+				"deprecated: use tsig-keygen\n");
+		}
+
 		if (!dst_algorithm_supported(alg))
 			fatal("unsupported algorithm: %d", alg);
 

bin/dnssec/dnssec-keygen.docbook

@@ -122,12 +122,19 @@
 	    of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.  For
-            TSIG/TKEY keys, the value must be one of DH (Diffie Hellman),
+	    TKEY and SIG(0) keys, the value must be DH (Diffie Hellman);
-            HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384,
+	    specifying this value will automatically set the
-            or HMAC-SHA512; specifying any of these algorithms will
+	    <option>-T KEY</option> option as well.
-            automatically set the <option>-T KEY</option> option as well.
+	  </para>
-            (Note: <command>tsig-keygen</command> produces TSIG keys in a
+	  <para>
-            more useful format than <command>dnssec-keygen</command>.)
+	    TSIG keys can also by generated by setting the value to
+	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
+	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
+	    values will automatically set <option>-T KEY</option>. Note,
+	    however, that <command>tsig-keygen</command> produces TSIG keys
+	    in a more useful format. These algorithms have been deprecated
+	    in <command>dnssec-keygen</command>, and will be removed in a
+	    future release.
 	  </para>
 	  <para>
 	    These values are case insensitive. In some cases, abbreviations
@@ -138,8 +145,8 @@
 	  </para>
 	  <para>
 	    As of BIND 9.12.0, this option is mandatory except when using
-	    the <option>-S</option> option (which copies the algorithm from
+	    the <option>-S</option> option, which copies the algorithm from
-	    the predecessor key).  Previously, the default for newly
+	    the predecessor key.  Previously, the default for newly
 	    generated keys was RSASHA1.
 	  </para>
 	</listitem>

doc/arm/notes.xml

@@ -477,6 +477,28 @@
 	  they are set.
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  The use of <command>dnssec-keygen</command> to generate
+	  HMAC keys for TSIG authentication has been deprecated in favor
+	  of <command>tsig-keygen</command>. If the algorithms HMAC-MD5,
+	  HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, or
+	  HMAC-SHA512 are specified, <command>dnssec-keygen</command>
+	  will print a warning message. These algorithms will be
+	  removed from <command>dnssec-keygen</command> entirely in
+	  a future release. [RT #42272]
+	</para>
+      </listitem>
+      <listitem>
+	<para>
+	  The use of HMAC-MD5 for RNDC keys is no longer recommended.
+	  For compatibility, this is still the default algorithm generated
+	  by <command>rndc-confgen</command>, but it will print a
+	  warning message. The default algorithm in
+	  <command>rndc-confgen</command> will be changed to HMAC-SHA256
+	  in a future release. [RT #42272]
+	</para>
+      </listitem>
     </itemizedlist>
   </section>