[Opendnssec-develop] Newsletter #3
Rickard Bondesson
rickard.bondesson at iis.se
Wed Feb 25 08:25:56 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
Here is the news from the two latest weeks:
*******************************************
* The project
Use cases for phase 1 are published on the wiki. Phase 2 will be documented later.
Phase 1 is scheduled to be finished in the beginning of April. Each component should be finished within a couple of weeks. The integration of the components is to be planned by Rickard and then presented to the group.
We are noting attention from other vendors and customers. And we agreed upon focusing on our own goals primarily to be able to produce phase 1 and 2. Any requirements or request by other parties might be taken in to consideration, but we are not looking for extra partners at this time.
SURFnet has released a white paper on DNSSEC (but not as a part of this project).
http://www.surfnet.nl/Documents/DNSSSEC-web.pdf
* Meetings
We had a telephone meeting on the 23rd of February. Minutes will be published on the wiki.
Next telephone meeting is on Monday the 9th of March, 14:00-15:00 CET.
* API
The API between the KASP Enforcer and the Signer Engine has been agreed upon. A more detailed version will be explained by using RelaxNG.
* KSM and KASP Enforcer
A RFC draft on DNSSEC Key Timing Consideration has been published by Stephen, Johan Ihren (not a member of this project), and John.
http://tools.ietf.org/html/draft-morris-dnsop-dnssec-key-timing-00
The authors are seeking feedback on it. This draft will be implemented in OpenDNSSEC.
* Signer Engine
The Engine has been updated with a new design. This new design gives improved scalability and performance. It won't sign 5000 zones a minute, but it can keep 5000 zones signed at a normal pace.
* SoftHSM
SoftHSM has also been updated with a new internal design. It now supports multiple tokens, where each has its own user. All private keys of the type private token objects are now encrypted when stored in the database. The signing performance has not been decreased because of this change.
*******************************************
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSaUAlOCjgaNTdVjaAQj6TQf/cqw0hml6nYrCcgOttZdv8BAOTYe8+B5f
ra2FGsPqMQl5jH1XGiWEL6CG8TgSFUZwFieVaFzrYMiFKOJ2ZIdwmU4w754RE5pJ
Dz864cqpi7oiDjhpjEagSVpQ/nF9Rjkm3QLbGyT79ERF3leUN8fljOJ58IumYbRL
z6Lvzp8k9ty9AgYTxJoVDvY5pSSMTCQlCElFP3YrG95w6grMqVISHmK2ekl2XDnX
Vw8agQ6iNl1imPUWq5svYWLZrEJHk+Hp6Q89iYUb4sqoThHY568/3/e5wu0TqlrP
De5WTH/42XQd01lVF9oe7cwPN4cEHYRxVvjUgUW2OX/U1PrwTDgnCA==
=RjBf
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list