[bind10-dev] C++ TSIG API: design/code/next steps

[JINMEI Tatuya / 神明達哉]

I've completed an initial step of the whole TSIG related tasks:
C++ API (with implementation) for TSIG signing.  It's in ticket #812
and the implementation is in the review queue.  Since many other
things explicitly or implicitly rely on it, I'm sharing some
information about it.

The basic design (that also covers the verify scenario to some extent)
is documented in the source code.  Here's a copy of an HTML version of
the doxygen document:
http://bind10.isc.org/~jinmei/bind10/cpp/classisc_1_1dns_1_1_t_s_i_g_context.html
http://bind10.isc.org/~jinmei/bind10/cpp/classisc_1_1dns_1_1_t_s_i_g_record.html
(the design will be reviewed as part of code review, but if someone in
this list has comments on it, that would also be very helpful)

If we want to parallelize the remaining work, we may be able to do
something like this, once we agree on the basic API design:
- when we agree on the design and basic interface of the classes, we
  can start the verify part (#813) based on the latest branch of
  trac812.  If no one else is interested in it I'm willing to take on
  it, but someone is interested in this work it may be better in that
  we can have a second eye on the design.
- likewise, when we agree on the design and basic interface, we can
  probably start implementing the python wrapper (#814) for the
  signing part.  (With this approach we'd divide the task into
  sign/verify parts, too)
- likewise, when we agree on the design and basic interface, we can
  start #856 (using TSIG in our experimental "host" implementation).
  This is probably a 30min job, and would be better to be done by
  someone other than me so that we can see how easy/difficult the API
  is to use.
- If the python wrapper for signing is implemented, we could also
  start developing xfrin (it cannot verify the response, but at least
  it can send AXFR requests with a valid TSIG sign).

---
JINMEI, Tatuya