[Freeipa-devel] DNSSEC design page

Simo Sorce simo at redhat.com
Mon Feb 24 19:20:46 UTC 2014


On Mon, 2014-02-24 at 13:11 +0100, Ludwig Krispenz wrote:
> Hi,
> 
> here is a draft to start discussion. Lt me know if it is the right 
> direction and what you're missing.
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/pkcs11Schema

I think we need to think hard if you really can make all those
attributes a MUST for the private key, as not all the attributes seem to
apply to all encryption algorithms. Would have to have to add bogus
attributes in some cases.

Also can you add some examples on how we would use these classes to
store DNS keys ?

Ideally the example would show the LDAP tree and some example data in
detail, and also what operation we think would be common.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list