BIND 10 #2402: split cryptolink sign/verify
BIND 10 Development
do-not-reply at isc.org
Wed Nov 14 15:35:08 UTC 2012
#2402: split cryptolink sign/verify
-------------------------------------+-------------------------------------
 Reporter:  fdupont                  |  Owner:  fdupont
 Type:  enhancement                  |  Status:  new
 Priority:  medium                   |  Milestone:
 Component:  Unclassified            |  Resolution:
 Keywords:                           |  Sensitive:  0
 Defect Severity:  Low               |  Sub-Project:  Core
 Feature Depending on Ticket:        |  Estimated Difficulty:  4
 Add Hours to Ticket:  0             |  Total Hours:  0
 Internal?:  0                       |
-------------------------------------+-------------------------------------
Description changed by fdupont:
Old description:
> As discussed in the bind10-dev mailing list, PKCS#11 and some other
> crypto libraries make a difference between a context for a signing or for
> a verify operation, so typically the update() function has two different
> and incompatible instances.
> There are two ways to fix this in crypto link:
> - the hard/heavy but statically checked way by splitting classes into
> verify and sign variants
> - the soft but dynamically checked way by just adding a 2 item enum
> about the expected operation
> The bind 9 PKCS#11 only experiment showed the second/soft way is enough.
New description:
As discussed in the bind10-dev mailing list, PKCS!#11 and some other
crypto libraries make a difference between a context for a signing or for
a verify operation, so typically the update() function has two different
and incompatible instances.
There are two ways to fix this in crypto link:
- the hard/heavy but statically checked way by splitting classes into
verify and sign variants
- the soft but dynamically checked way by just adding a 2 item enum
about the expected operation
The bind 9 PKCS!#11 only experiment showed the second/soft way is enough.
--
Ticket URL: <http://bind10.isc.org/ticket/2402#comment:3>
BIND 10 Development <http://bind10.isc.org>
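
The two options from the ticket description, side by side, as an added example that is not BIND 10 or cryptolink code. All class and function names are hypothetical, and `Core` is a stand-in checksum used in place of a real HMAC backend.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
// Hypothetical names, not the cryptolink API. Core is a stand-in FNV-1a checksum, NOT a MAC.
struct Core {
    explicit Core(const std::string& key) { update(key); }
    void update(const std::string& d) {
        for (unsigned char c : d) { h_ ^= c; h_ *= 1099511628211ULL; }
    }
    uint64_t value() const { return h_; }
private:
    uint64_t h_ = 14695981039346656037ULL;
};

// Soft way: one class, a 2-item enum fixed at construction, checked at run time.
enum class Operation { SIGN, VERIFY };
class Hmac {
public:
    Hmac(const std::string& key, Operation op) : core_(key), op_(op) {}
    void update(const std::string& d) { core_.update(d); }
    uint64_t sign() const { expect(Operation::SIGN); return core_.value(); }
    bool verify(uint64_t sig) const { expect(Operation::VERIFY); return core_.value() == sig; }
private:
    void expect(Operation op) const {
        if (op_ != op) throw std::logic_error("context opened for the other operation");
    }
    Core core_;
    Operation op_;
};

// Hard way: two types; calling verify() on an HmacSign does not compile.
struct HmacSign {
    explicit HmacSign(const std::string& key) : core_(key) {}
    void update(const std::string& d) { core_.update(d); }
    uint64_t sign() const { return core_.value(); }
private:
    Core core_;
};
struct HmacVerify {
    explicit HmacVerify(const std::string& key) : core_(key) {}
    void update(const std::string& d) { core_.update(d); }
    bool verify(uint64_t sig) const { return core_.value() == sig; }
private:
    Core core_;
};

bool soft_rejects_misuse() {  // misuse surfaces only when the call is made
    try { Hmac("k", Operation::VERIFY).sign(); } catch (const std::logic_error&) { return true; }
    return false;
}
```

With the enum variant, a context opened for the wrong operation is caught only on the code path that exercises it, so tests need to cover both `sign()` and `verify()` misuse.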