[Opendnssec-develop] Newsletter #2

Rickard Bondesson rickard.bondesson at iis.se
Wed Feb 11 09:13:25 UTC 2009



This is our second newsletter, which summarizes our current work. The next one will be published in two weeks.


* The project

We have appointed Jakob as the system architect. He will make the final decisions concerning the general system design.

* Meetings

We had a meeting in Amsterdam. The minutes from the meeting will be published on the wiki shortly. This newsletter is essentially a summary of the meeting.

The next face-to-face meetings will be at:
22-27 March 2009 - IETF, San Francisco
4-8 May 2009 - RIPE, Amsterdam

We will also have telephone meetings starting from this week.

* Use cases

Stephen will update the wiki with the current use cases.

* Marketing plan

No marketing is needed until we have software that we can deliver. The main focus is now on development. The reason is to avoid so-called vapourware. One first step in the marketing area would be to add a new first page on the OpenDNSSEC web page, thus separating it from the wiki information, which is for development.

* System architecture

The architecture has been defined more precisely, giving all of us a common view of the project and current development. Auditing functionality has also been added (like consistency checks). All logging information will go to syslog.

* Windows

We will not explicitly support Windows, but we should make it easy to create a port for Windows.


Most of the communication is between the KASP and the Signer Engine, an interface which needs to be specified further. John, together with Jelte, will publish this on the wiki.

* Key referencing

Jakob will work out a draft on how to internally, within OpenDNSSEC, reference a set of keys.

* Signer Engine with RRset Signer and NSEC-ifier

The Signer Engine is essentially finished for version 1.0. It just needs a script which bundles the parts together and can communicate with the KASP Enforcer. A proof-of-concept is available in the source code repository.

* SoftHSM

All the functionality is in place to be able to function with the OpenDNSSEC software bundle. Some concerns were raised at the Amsterdam meeting regarding how the information is stored within the SoftHSM (security considerations). The changes are planned for the next iterations of development.

* KASP and KSM

We have a partly finished version of KASP. John and Sion will finalize it. The current work also depends on an RFC draft concerning key management which will be published shortly.

* Inbound and outbound adapters

They will be part of version 2.

* Testing

We have all agreed that we must test our software very thoroughly. Testing guidelines will be written, so that each component is tested in the same way. The source code will be checked both manually and by automated tools. The entire system will also be tested to see that it conforms to the requirements. More details will be published by Stephen and Rick.


A buyer’s guide will be written and published by Roland. A compliancy tool will also be developed, to test whether HSMs have the functionality needed for OpenDNSSEC.

* Robustness through redundancy

Redundancy regarding keys depends on the choice of HSM, and is not explicitly part of OpenDNSSEC. However, we need to produce a set of operating guidelines. SURFNet can sponsor this kind of document. This is not part of this stage, but for version 2.

* Deadline for version 1

Each developer should report their estimates, on how much time they need, to Rickard. Rickard should then plan the finalization of version 1 according to this.


// Rickard