[Freeipa-devel] DNSSEC design page
Petr Spacek
pspacek at redhat.com
Thu Feb 13 17:36:55 UTC 2014
Hello list,

I would like to point you to the design pages for the DNSSEC feature:

Zone signing:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Automatic key rotation:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm

You can ignore bind-dyndb-ldap specifics and think about interactions with
FreeIPA and SSSD.

- We need to design an LDAP schema for key storage (Ludwig is looking into it).
- We need to write a PKCS#11 module on top of the LDAP database.
- We need to design key rotation on the client side (SSSD? Certmonger?).
- We need to design the WebUI/CLI
etc.

Read the 'External Impact' sections carefully :-)

Have a nice day!

--
Petr^2 Spacek