<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi Rick,</div><div><br></div><div>Currently home sick so I will be short.</div><div><br></div><div>Petr sent a mail to the user list in early March and it did not go unnoticed. We are working on a new database layer [1][2]; it supports basically any backend, and we are converting existing code from C++ to C and making it non-transactional.</div>
<div><br></div><div>[1] <a href="https://github.com/opendnssec/opendnssec/pull/76">https://github.com/opendnssec/opendnssec/pull/76</a><br>[2] <a href="https://github.com/jelu/opendnssec/tree/dbx/enforcer-ng/src/db">https://github.com/jelu/opendnssec/tree/dbx/enforcer-ng/src/db</a></div>
<div><br><span style="background-color:rgba(255,255,255,0)">-- <br>Jerry Lundström - OpenDNSSEC Developer<br><a href="http://www.opendnssec.org/" target="_blank">http://www.opendnssec.org/</a></span></div><div><br>On 25 jun 2014, at 14:53, Rick van Rein <<a href="mailto:rick@openfortress.nl">rick@openfortress.nl</a>> wrote:<br>
<br></div><blockquote type="cite"><div><span>Hi,</span><br><span></span><br><span>A while back we’ve discussed alternate databases, and I proposed LDAP as an option.  It was deemed too far off the current design of the Enforcer, even if it is technically practical for many admins.</span><br>
<span></span><br><span>When discussing some OpenDNSSEC-related things with Petr Spacek, he showed me RedHat's project that is doing exactly this; they are storing the information from the Enforcer in their FreeIPA infrastructure.  Their short and long term plans are here:</span><br>
<span></span><br><span> * <a href="https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm">https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm</a></span><br><span> * <a href="https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm">https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm</a></span><br>
<span></span><br><span>They also intend to store wrapped private keys in LDAP; I am talking them through alternatives which retain PKCS #11 protection yet support their wishes.</span><br><span></span><br><span></span><br>
<span>Cheers,</span><br><span> -Rick</span><br><span>_______________________________________________</span><br><span>Opendnssec-develop mailing list</span><br><span><a href="mailto:Opendnssec-develop@lists.opendnssec.org">Opendnssec-develop@lists.opendnssec.org</a></span><br>
<span><a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop">https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop</a></span><br></div></blockquote></body></html>