[Cryptech Core] plan
Leif Johansson
leifj at sunet.se
Sat Jul 18 06:01:26 UTC 2015
> 18 jul 2015 kl. 07:28 skrev Rob Austein <sra at hactrn.net>:
>
> At Sat, 18 Jul 2015 04:44:14 +0200, Randy Bush wrote:
>>
>> it is not clear from email what the client opendsnsec signer host can
>> be. can it be a user's mac/ubuntu/... or does it need a 32-bit machine.
>
> Jakob and Leif are the authorities on this, but am pretty sure the
> signer itself requires a 32-bit machine in this setup.
>
> Just to get everybody on the same page here, the main problems
> yesterday were not in Cryptech code per se, they were in:
>
> a) OpenDNSSEC itself, which doesn't run on ARM this week; and
actually the crypto bits run just fine, its all the ancillary stuff needed to parse & generate zonefiles that isn't ported to arm
>
> b) pkcs11-proxy (the third-party tool Jakob and Leif are using to
> extrude PKCS #11 over the net so we can use the Novena as an HSM
> while running OpenDNSSEC itself elsewhere), which apparently cannot
> cope with client and server on machines with different word sizes.
>
> Bottom line is that the OpenDNSSEC signer needs to run on a 32-bit
> i386 VM, preferably running Ubuntu rather than Debian due to bugs in
> pkcs11-proxy's packaging.
For testing you can just build pkcs11-proxy wo packaging it - wrote build+setup instructions on wiki.cryptech.is/PKCS11Proxy
>
>> if the latter, can the workshop attendee who does not have a 32-bit vm
>> (or we) just set up a signer account on each movena?
>
> Not sure what you mean by this, but if you're asking whether it works
> to run OpenDNSSEC itself on the Novena, the answer is no, see (a).
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core
More information about the Core
mailing list