BIND 10 #2402: split cryptolink sign/verify
BIND 10 Development
do-not-reply at isc.org
Wed Oct 24 12:22:32 UTC 2012
#2402: split cryptolink sign/verify
-------------------------------------+-------------------------------------
Reporter: fdupont                    | Owner: fdupont
Type: enhancement                    | Status: new
Priority: medium                     | Milestone: New Tasks
Component: Unclassified              | Keywords:
Sensitive: 0                         | Defect Severity: Low
Sub-Project: Core                    | Feature Depending on Ticket:
Estimated Difficulty: 0              | Add Hours to Ticket: 0
Total Hours: 0                       | Internal?: 0
-------------------------------------+-------------------------------------
As discussed on the bind10-dev mailing list, PKCS#11 and some other crypto
libraries make a difference between a context for a signing operation and
one for a verify operation, so typically the update() function has two
different and incompatible instances.

There are two ways to fix this in cryptolink:
- the hard/heavy but statically checked way, by splitting classes into
verify and sign variants
- the soft but dynamically checked way, by just adding a 2-item enum
about the expected operation

The BIND 9 PKCS#11-only experiment showed the second/soft way is enough.
--
Ticket URL: <http://bind10.isc.org/ticket/2402>
BIND 10 Development <http://bind10.isc.org>
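
The second ("soft") option from the ticket, sketched as an added example; it is not code from the ticket or from BIND 10. The names Mac, Operation, SignCtx and VerifyCtx are hypothetical, and FNV-1a stands in for a real keyed MAC only so the two backend contexts have state to carry.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>

// Stand-in backend with separate, incompatible sign and verify contexts.
// FNV-1a is NOT a MAC; it only gives the contexts some state to carry.
struct SignCtx   { std::uint64_t h; };
struct VerifyCtx { std::uint64_t h; };
static std::uint64_t mix(std::uint64_t h, const std::string& s) {
    for (unsigned char c : s) { h ^= c; h *= 1099511628211ULL; }
    return h;
}
static void signUpdate(SignCtx& c, const std::string& d)     { c.h = mix(c.h, d); }
static void verifyUpdate(VerifyCtx& c, const std::string& d) { c.h = mix(c.h, d); }

enum class Operation { SIGN, VERIFY };  // the two-item enum (hypothetical name)
class Mac {  // hypothetical wrapper, not the cryptolink class
public:
    Mac(const std::string& key, Operation op) : op_(op) {
        const std::uint64_t seed = mix(14695981039346656037ULL, key);
        if (op_ == Operation::SIGN) sign_.h = seed; else verify_.h = seed;
    }
    // One public update(); the enum selects the matching backend call.
    void update(const std::string& data) {
        if (op_ == Operation::SIGN) signUpdate(sign_, data);
        else verifyUpdate(verify_, data);
    }
    std::uint64_t sign() { require(Operation::SIGN, "sign() on VERIFY context"); return sign_.h; }
    bool verify(std::uint64_t tag) {
        require(Operation::VERIFY, "verify() on SIGN context");
        return verify_.h == tag;  // a real MAC check would be constant-time
    }
private:
    void require(Operation want, const char* msg) const {
        if (op_ != want) throw std::logic_error(msg);  // the dynamic check
    }
    Operation op_;
    SignCtx sign_{};
    VerifyCtx verify_{};
};

// True when finishing a context with the wrong operation throws.
bool misuseRejected(Operation ctxOp) {
    Mac m("key", ctxOp);
    m.update("data");
    try { if (ctxOp == Operation::SIGN) m.verify(0); else m.sign(); }
    catch (const std::logic_error&) { return true; }
    return false;
}
```

With the first ("hard") option the same mistake would fail to compile, because a verify-only class would have no sign() member at all.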