[Freeipa-devel] LDAP schema for DNSSEC keys

Simo Sorce simo at redhat.com
Fri Aug 1 13:34:31 UTC 2014


On Fri, 2014-08-01 at 14:31 +0200, Jan Cholasta wrote:
> On 1.8.2014 at 13:54, Simo Sorce wrote:
> > On Tue, 2014-07-29 at 11:49 +0200, Jan Cholasta wrote:
> >
> >> I don't think I'm authorized to edit bind-dyndb-ldap wiki, so I'm going
> >> to comment on the steps from the link above here:
> >
> > I think anyone with a fedora login can change it, but thanks anyway, you
> > clarified quite some things.
> >
> > I have a question about algorithm agility though, are we tied to using
> > AES128 and RSA2048? Or do we have the means to specify and use
> > alternative algorithms should it be necessary?
> > (Like EC instead of RSA?)
> 
> The schema allows different key types and wrapping algorithms to be used 
> in the future.

Excellent

> >
> > Also would you know where I can find details on how
> > CKM_AES_KEY_WRAP[_PAD] is actually implemented?
> 
> CKM_AES_KEY_WRAP uses the algorithm specified in RFC 3394, 
> CKM_AES_KEY_WRAP_PAD uses the algorithm described in RFC 5649. We don't 
> use CKM_AES_KEY_WRAP ATM.

Thanks.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



