[Cryptech Core] dnssec signer
Rob Austein
sra at hactrn.net
Tue Jul 14 21:17:20 UTC 2015
At Tue, 14 Jul 2015 12:44:47 +0200, Jakob Schlyter wrote:
>
> Using OpenDNSSEC sucks less IMHO since we also get the hsm- toolset.
Which is good for what, exactly? Serious question, not scoffing.
> I will tweek my OpenDNSSEC training material to cover what's needed,
> shouldn't take more than an hour friday morning.
"What could possibly go wrong?"
At Tue, 14 Jul 2015 16:49:41 +0200, Jakob Schlyter wrote:
>
> > which is easier for user to set up and run when what is of
> > interest is not the dns code?
>
> IMHO, OpenDNSSEC. At least, it's better documented for PKCS#11.
Probably true, although I will confess that OpenDNSSEC configuration
makes my head hurt and I was only planning to use the BIND 9.10
command line tools (both for relative simplicity and because named
needs more algorithms than we can fit in the Novena's FPGA).
BIND 9.10 does have some PKCS #11 doc. Like much of BIND's doc, it
even sort of makes sense after one already understands what it's
trying to explain.
> I think we should provide the API calls needed to support BIND
> 9.10. If easy, now is better than later. I can help testing Friday.
Stalled waiting for Verilog support (hash core state save/restore).
More information about the Core
mailing list