[Opendnssec-develop] interaction between the Signer and KASP
jad at jadickinson.co.uk
Thu Dec 18 15:32:17 CET 2008
On 18 Dec 2008, at 13:22, Matthijs Mekking wrote:
> A debate has resulted in some questions and a proposal that affects
> interaction between the Signer and KASP module.
My understanding (and what I have started developing) is that the
enforcer will run as a daemon. It will read KASP, create keys and call
the signer whenever signing is needed. It will tell the signer:
    what zone to sign
    what adapter to use to get that zone
    what adapter to use to publish the signed results with
    which keys to use
    where the keys are
> The OpenDNSSEC project designs the Signer as a client to the KASP
> module. Whenever the Signer needs to sign stuff, it needs to contact
> KASP module in order to retrieve the security parameters. This might
> lead to a lot of traffic between the two modules, since it is expected
> that the Signer has to sign a lot. We would like to propose that KASP
> signals the Signer in case any changes have occurred. The KASP
> needs to apply the changes, so we expect that it is little work for
> KASP module to send out a signal after the change is complete. Can we
> make that assumption and is there any comment on this proposal?
> Furthermore, some questions came to our mind that we could not answer.
> Maybe this list can help us out:)
> 1. From the opendnssec.org website, I assume that the Signer has to
> determine the inception and expiration times on signatures. It can
> determine this from the refresh interval. (Ok, not a real question:))
It will be told all the information it needs to know by the enforcer.
I thought that in the first instance, the enforcer and signer would be
separate things but that in a later iteration they would be brought
together into one modular system.
If this is not what we are developing then I need to know :) Shall we
have a quick phone call about it? I am available tomorrow all day.