[Cryptech Core] dnssec signer

Jakob Schlyter jakob at kirei.se
Tue Jul 14 14:49:41 UTC 2015


> On 14 jul 2015, at 16:23, Randy Bush <randy at psg.com> wrote:
> 
>>> Except we don't have the last part. The install ends with
>>> libpkcs11.so.  AIUI, we need the opendnssec signer working over this
>>> pkcs11, or we need to quickly implement increment hashing, so we can
>>> use the bind9 signer (see ticket #39).
>> Using OpenDNSSEC sucks less IMHO since we also get the hsm- toolset.
> 
> which is easier for user to set up and run when what is of interest is
> not the dns code?

IMHO, OpenDNSSEC. At least, it's better documented for PKCS#11.

> 
>> I will tweak my OpenDNSSEC training material to cover what's needed,
>> shouldn't take more than an hour Friday morning.
> 
> rob's and paul's tradeoff between hacking and testing bind now vs if
> they want to cut it that close in time.

I think we should provide the API calls needed to support BIND 9.10. If easy, now is better than later. I can help testing Friday.

	jakob



