Valdis.Kletnieks at vt.edu wrote: >> It is a lot simpler and a lot more practical just to >> use shared secret between a CPE and a ISP's name server >> for TSIG generation. > > Hmm.. Shared secret between a CPE you don't necessarily control > and your own DNS server? Of course. That is the very basic requirement for any security between two parties. Masataka Ohta