[Freeipa-devel] DNSSEC design page
Ludwig Krispenz
lkrispen at redhat.com
Tue Feb 25 14:48:46 UTC 2014
On 02/25/2014 03:11 PM, Simo Sorce wrote:
> On Tue, 2014-02-25 at 14:54 +0100, Ludwig Krispenz wrote:
>>> Any reason why we should follow in detail what softshm does ?
>> because I did't know what is really needed. If you want to have a
>> pkcs11
>> module, which stores data in ldap, I though it should have all the
>> attributes potentially needed.
>> Jan said taht OpenDNSSEC uses CKA_VERIFY, CKA_ENCRYPT, CKA_WRAP,
>> CKA_SIGN, CKA_DECRYPT, CKA_UNWRAP, CKA_SENSITIVE, CKA_PRIVATE,
>> CKA_EXTRACTABLE,
>> so there is at least one requirement for fine grained attributes.
> Does OpenDNSSEC store them as separate entities and need access to them
> independently ?
It's all individual records in the attribute table in teh sql database,
dont know what the access pattern is.
> Or is this internal use that can be satisfied by unpacking a blob in
> OpenDNSSEC ?
>
> What does bind9 uses ? Petr, can you provide example key files ?
>
> Simo.
>
More information about the Freeipa-devel
mailing list