[bind10-dev] crypto API
Michael Graff
mgraff at isc.org
Fri Feb 26 22:33:58 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2010-02-26 3:14 PM, Francis Dupont wrote:
>> It is an answer. If thing1 IS A thing2, you write it one way. If
>> thing1 HAS A thing2, then you write it another. It's an answer.
>
> => if it is so obvious what this says about public DNSSEC key vs
> private DNSSEC key?
In what context? That is, what HAS the key, or IS the key here?
> => you didn't understand my idea: with other words IMHO it is better to
> adapt existing crypto libs to what BIND 10 needs than the opposite,
> so the API should be designed from the need, not the offer.
> BTW this should guarantee to not be locked to a particular library
> (i.e., not reproduce the BIND 9 and OpenSSL issue).
I think we should use softhsm for all crypto, and not touch openssl. Ever.
- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuITFUACgkQ+NNi0s9NRJ3qigCeNK10hs/Yj+SDaeCX0Et2c/uJ
xwoAn22khoyMNhCoctDdJbJrJcatv6JP
=stnq
-----END PGP SIGNATURE-----
More information about the bind10-dev
mailing list