[Cryptech Core] plan

Rob Austein sra at hactrn.net
Sat Jul 18 05:27:58 UTC 2015


At Sat, 18 Jul 2015 04:44:14 +0200, Randy Bush wrote:
> 
> it is not clear from email what the client opendnssec signer host can
> be.  can it be a user's mac/ubuntu/... or does it need a 32-bit machine?

Jakob and Leif are the authorities on this, but am pretty sure the
signer itself requires a 32-bit machine in this setup.

Just to get everybody on the same page here, the main problems
yesterday were not in Cryptech code per se, they were in:

a) OpenDNSSEC itself, which doesn't run on ARM this week; and

b) pkcs11-proxy (the third-party tool Jakob and Leif are using to
   extrude PKCS #11 over the net so we can use the Novena as an HSM
   while running OpenDNSSEC itself elsewhere), which apparently cannot
   cope with client and server on machines with different word sizes.

Bottom line is that the OpenDNSSEC signer needs to run on a 32-bit
i386 VM, preferably running Ubuntu rather than Debian due to bugs in
pkcs11-proxy's packaging.

> if the latter, can the workshop attendee who does not have a 32-bit vm
> (or we) just set up a signer account on each novena?

Not sure what you mean by this, but if you're asking whether it works
to run OpenDNSSEC itself on the Novena, the answer is no, see (a).


