[bind10-dev] OpenDNSSEC HSM, was Planning for next sprint - input required
Jelte Jansen
jelte at isc.org
Wed Dec 8 20:25:13 UTC 2010
On 12/03/2010 09:07 PM, Shane Kerr wrote:
>>
>> OpenDNSSEC has quite a sexy interface for this; the only thing you pass around
>> are key identifiers, and it figures out by itself which HSM that is to be used
>> in. I suggest we take a similar approach (i.e. not only use PKCS#11 as the
>> general backend interface, but also abstract away from HSMs in use and
>> configuration).
>
> I wonder if we can't just use this OpenDNSSEC code? After all, we've
> tried to minimize wheel-reinvention in BIND 10....
>
Not directly; it's BSD-licensed C code, but the implementation uses ldns for DNS
data structures and algorithm identifiers etc. So we'd at the very least have to
port it to use libdns++.
But it's quite small, actually, and before we write anything I would suggest we
take a look at the API for inspiration :)
Jelte