[bind10-dev] crypto API

Francis Dupont fdupont at isc.org
Thu Feb 25 16:18:46 UTC 2010


The main question is inheritance vs embedding, i.e., if class X uses
class Y do we want:
 class X : Y
or
 class X {
  Y y;
 }

Now we need:
 - raw hash (at the top of most things)
 - keyed hash
 - HMAC (a case of keyed hash)
 - iterated hash (a more complex case of keyed hash)
 - signature public key (derives from raw hash)
 - signature private key (which includes the previous one)
 - DH?

Note generation and signing rely on a cryptographic random source.
I strongly suggest interfaces that are as high level as possible, perhaps
the answer to the first question is to simply put it in implementations
(so it becomes implementation dependent).

The last point is do we want the whole thing or to make the DNSSEC
part optional (as in BIND 9 but IMHO justification is historic only)?

Francis Dupont <fdupont at isc.org>

PS: look at racoon2 for an example of high level interfaces.


