[Opendnssec-develop] Newsletter #3

Rickard Bondesson rickard.bondesson at iis.se
Wed Feb 25 08:25:56 UTC 2009

Hash: SHA256


Here is the news from the two latest weeks:


* The project

Use cases for phase 1 are published on the wiki. Phase 2 will be documented later.

Phase 1 is scheduled to be finished in the beginning of April. Each component should be finished within a couple of weeks. The integration of the components is to be planned by Rickard and then presented to the group.

We are noting attention from other vendors and customers. And we agreed upon focusing on our own goals primarily to be able to produce phase 1 and 2. Any requirements or request by other parties might be taken in to consideration, but we are not looking for extra partners at this time.

SURFnet has released a white paper on DNSSEC (but not as a part of this project).

* Meetings

We had a telephone meeting on the 23rd of February. Minutes will be published on the wiki.

Next telephone meeting is on Monday the 9th of March, 14:00-15:00 CET.


The API between the KASP Enforcer and the Signer Engine has been agreed upon. A more detailed version will be explained by using RelaxNG.

* KSM and KASP Enforcer

A RFC draft on DNSSEC Key Timing Consideration has been published by Stephen, Johan Ihren (not a member of this project), and John.

The authors are seeking feedback on it. This draft will be implemented in OpenDNSSEC.

* Signer Engine

The Engine has been updated with a new design. This new design gives improved scalability and performance. It won't sign 5000 zones a minute, but it can keep 5000 zones signed at a normal pace.

* SoftHSM

SoftHSM has also been updated with a new internal design. It now supports multiple tokens, where each has its own user. All private keys of the type private token objects are now encrypted when stored in the database. The signing performance has not been decreased because of this change.


// Rickard
Version: 9.8.3 (Build 4028)
Charset: utf-8


More information about the Opendnssec-develop mailing list