BIND 10 #2402: split cryptolink sign/verify
BIND 10 Development
do-not-reply at isc.org
Wed Nov 14 15:37:34 UTC 2012
#2402: split cryptolink sign/verify
-------------------------------------+-------------------------------------
Reporter: | Owner: fdupont
fdupont | Status: new
Type: | Milestone:
enhancement | Resolution:
Priority: | Sensitive: 0
medium | Sub-Project: Core
Component: | Estimated Difficulty: 4
Unclassified | Total Hours: 0
Keywords: |
Defect Severity: Low |
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by fdupont):
Replying to [comment:2 shane]:
> So this is something for the future when we add PKCS!#11 support?
=> yes, it is needed for any crypto API where sign and verify are split.
PKCS!#11 is just an example. BTW most "good" crypto APIs split the two
operations because it is silly from a security point of view to get/keep
the private key for a verify operation...
--
Ticket URL: <http://bind10.isc.org/ticket/2402#comment:4>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list