[Freeipa-devel] LDAP schema for DNSSEC keys
Jan Cholasta
jcholast at redhat.com
Fri Aug 1 12:31:04 UTC 2014
Dne 1.8.2014 v 13:54 Simo Sorce napsal(a):
> On Tue, 2014-07-29 at 11:49 +0200, Jan Cholasta wrote:
>
>> I don't think I'm authorized to edit bind-dyndb-ldap wiki, so I'm going
>> to comment the steps from the link above here:
>
> I think anyone with a fedora login can change it, but thanks anyway, you
> clarified quite some things.
>
> I have a questions about algorithms agility though, are we tied to use
> AES128 and RSA2048 ? Or do we have the means to specify and use
> alternative algorithms should it be necessary ?
> (Like EC instead of RSA ?)
The schema allows different key types and wrapping algorithms to be used
in the future.
>
> Also would you know where I can find details on how
> CKM_AES_KEY_WRAP[_PAD] is actually implemented ?
CKM_AES_KEY_WRAP uses the algorithm specified in RFC 3394,
CKM_AES_KEY_WRAP_PAD uses the algorithm described in RFC 5649. We don't
use CKM_AES_KEY_WRAP ATM.
>
> Simo.
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list