[Freeipa-devel] DNSSEC design page
Simo Sorce
simo at redhat.com
Tue Feb 25 14:11:08 UTC 2014
On Tue, 2014-02-25 at 14:54 +0100, Ludwig Krispenz wrote:
> > Any reason why we should follow in detail what softshm does ?
> because I did't know what is really needed. If you want to have a
> pkcs11
> module, which stores data in ldap, I though it should have all the
> attributes potentially needed.
> Jan said taht OpenDNSSEC uses CKA_VERIFY, CKA_ENCRYPT, CKA_WRAP,
> CKA_SIGN, CKA_DECRYPT, CKA_UNWRAP, CKA_SENSITIVE, CKA_PRIVATE,
> CKA_EXTRACTABLE,
> so there is at least one requirement for fine grained attributes.
Does OpenDNSSEC store them as separate entities and need access to them
independently ?
Or is this internal use that can be satisfied by unpacking a blob in
OpenDNSSEC ?
What does bind9 uses ? Petr, can you provide example key files ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list